Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Home Firewall

Posted on 2011-03-22
5
Medium Priority
?
436 Views
Last Modified: 2012-06-27
I guess this is more of an opinion question, but is a true home firewall needed?  Is a Linksys/Netgear router enough?

I understand that a firewall is really only a portion of the defense in depth approach.  I know there is not a magic silver bullet.  I patch my PCs, encrypt/secure my wireless, put AV/Malware protection on my computers/smartphones.  Our home networks are becoming more sophisticated as time goes on and we store more sensitive data on that network than ever before.

I'm getting ready to revamp my home network infrastructure was just curious what other people think about this topic.
0
Comment
Question by:Kram80
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 15

Assisted Solution

by:DonConsolio
DonConsolio earned 148 total points
ID: 35195240
If you do not intend to provide services like WWW/FTP/mail to the internet and you
secure your internal network you can be perfectly secure behind a NAT router.
0
 
LVL 6

Assisted Solution

by:siht
siht earned 148 total points
ID: 35195241
I'd have a think about what I keep on my home network. Are you keeping banking details on your network? Do you bring work data home or work from home? How valuable to potential data thieves is it and how paranoid are you?

Some SOHO routers have a pretty good feature set, I have a Billion 7800N which I find more than adequate and far better than the general Linksys/Netgear ones I have used n the past. There are also dedicated firewall systems available for free such as pfsense and smoothwall which will happily run on most old hardware, both of these offer many advanced options.

To directly answer your question, you'll probably be OK with a basic Linksys/Netgear home router in combination with the other good practices you are implementing. For some though, myself included, probably isn't good enough and implementing something stronger is neither expensive or too difficult.

http://www.smoothwall.org/

http://pfsense.org/
0
 
LVL 17

Assisted Solution

by:Steve
Steve earned 552 total points
ID: 35196956
If you have an internet connection with a provider then it is their responsibility to a point to provide hardware that is fit for purpose to protect you and themselves from unauthorised use.

Most companies from my experience offer either a Netgear/Linksys/D-Link/Sagem/Cisco solution on lines running from 0.5mb to 100mb the hardware provided is pretty much the same

Provided you have updated antivirus to stop any malicious software being installed and some anti-malware software handy (like malwarebytes anti-malware), given the scope of the internet itself and the amount of connected devices there is always safety in numbers.

There is only so much that cna be done, if you want to give yourself a project you can always install something like suggested by siht i.e. smoothwall (or clearos) however this has its own overheads and technical knowledge/it resources are needed.

0
 
LVL 3

Assisted Solution

by:FWeston
FWeston earned 152 total points
ID: 35206646
It depends largely on the people who will be using the network.  If, for example, you have children, they are a huge risk vector because kids will download and run just about anything, so there's a big potential for them to get crapware on their systems.

One of the most overlooked areas of security in my opinion is securing outbound traffic.  Most routers/firewalls deny everything inbound by default, but I'd say that it's also a good idea to deny all outbound traffic by default as well.  For example, if you have a home NAS or media PC, chances are that it doesn't have any real need to talk to the Internet that much if at all, so a good first step would be to isolate devices such as that and make sure they cannot talk to anything other than the local LAN.

You could also further isolate at risk systems (kids PCs, etc) by placing them on a separate VLAN and placing a firewall between them and the main VLAN where your PC with your sensitive data sits.  Consumer level networking gear is getting better all the time, so I'd imagine there's probably something made by Linksys or Netgear that can accomplish this.  If not, there's tons of used Cisco gear that could do it very easily.  For example, you could probably pick up a used asa5505 for a couple hundred bucks.  There's definitely a learning curve if you're unfamiliar with Cisco equipment, but you can get a smartnet contract pretty inexpensively which will give you access to the Cisco TAC, where you can get configuration assistance.
0
 
LVL 17

Accepted Solution

by:
Steve earned 552 total points
ID: 35252164
There are also routers on the market that offer a main and then a guest network as part of the configuration options of the router by default, i know some netgears do this.

This way you could seriously lock down and secure "your" devices and disable SSID so no one can even see the wireless then configure the guest settings and use that for everything else
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question