Home Firewall

Posted on 2011-03-22
Medium Priority
Last Modified: 2012-06-27
I guess this is more of an opinion question, but is a true home firewall needed?  Is a Linksys/Netgear router enough?

I understand that a firewall is really only a portion of the defense in depth approach.  I know there is not a magic silver bullet.  I patch my PCs, encrypt/secure my wireless, put AV/Malware protection on my computers/smartphones.  Our home networks are becoming more sophisticated as time goes on and we store more sensitive data on that network than ever before.

I'm getting ready to revamp my home network infrastructure and was just curious what other people think about this topic.
Question by: Kram80

Assisted Solution

DonConsolio earned 148 total points
ID: 35195240
If you do not intend to provide services like WWW/FTP/mail to the internet and you
secure your internal network you can be perfectly secure behind a NAT router.

Assisted Solution

siht earned 148 total points
ID: 35195241
I'd have a think about what I keep on my home network. Are you keeping banking details on your network? Do you bring work data home or work from home? How valuable to potential data thieves is it and how paranoid are you?

Some SOHO routers have a pretty good feature set; I have a Billion 7800N which I find more than adequate and far better than the general Linksys/Netgear ones I have used in the past. There are also dedicated firewall systems available for free such as pfsense and smoothwall which will happily run on most old hardware; both of these offer many advanced options.

To directly answer your question, you'll probably be OK with a basic Linksys/Netgear home router in combination with the other good practices you are implementing. For some though, myself included, it probably isn't good enough, and implementing something stronger is neither expensive nor too difficult.



Assisted Solution

Steve earned 552 total points
ID: 35196956
If you have an internet connection with a provider then it is their responsibility, to a point, to provide hardware that is fit for purpose to protect you and themselves from unauthorised use.

Most companies from my experience offer either a Netgear/Linksys/D-Link/Sagem/Cisco solution on lines running from 0.5mb to 100mb the hardware provided is pretty much the same.

Provided you have updated antivirus to stop any malicious software being installed and some anti-malware software handy (like malwarebytes anti-malware), given the scope of the internet itself and the amount of connected devices there is always safety in numbers.

There is only so much that can be done. If you want to give yourself a project you can always install something like suggested by siht, i.e. smoothwall (or clearos); however, this has its own overheads and technical knowledge/IT resources are needed.


Assisted Solution

FWeston earned 152 total points
ID: 35206646
It depends largely on the people who will be using the network.  If, for example, you have children, they are a huge risk vector because kids will download and run just about anything, so there's a big potential for them to get crapware on their systems.

One of the most overlooked areas of security in my opinion is securing outbound traffic.  Most routers/firewalls deny everything inbound by default, but I'd say that it's also a good idea to deny all outbound traffic by default as well.  For example, if you have a home NAS or media PC, chances are that it doesn't have any real need to talk to the Internet that much if at all, so a good first step would be to isolate devices such as that and make sure they cannot talk to anything other than the local LAN.

You could also further isolate at risk systems (kids PCs, etc) by placing them on a separate VLAN and placing a firewall between them and the main VLAN where your PC with your sensitive data sits.  Consumer level networking gear is getting better all the time, so I'd imagine there's probably something made by Linksys or Netgear that can accomplish this.  If not, there's tons of used Cisco gear that could do it very easily.  For example, you could probably pick up a used asa5505 for a couple hundred bucks.  There's definitely a learning curve if you're unfamiliar with Cisco equipment, but you can get a smartnet contract pretty inexpensively which will give you access to the Cisco TAC, where you can get configuration assistance.
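
The default-deny outbound policy and VLAN separation described in the answer above, written as an added example that is not part of the original thread. It assumes a Linux-based router using nftables; the interface names (`wan0`, `lan0`, `kids0`), the NAS address and the allowed ports are constructed for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example: interface names, addresses and ports are assumptions.
flush ruleset

define WAN  = "wan0"          # uplink to the ISP
define MAIN = "lan0"          # main VLAN (PC with sensitive data, NAS)
define KIDS = "kids0"         # at-risk systems on their own VLAN
define NAS  = 192.168.10.20   # constructed address of the home NAS

table inet home_fw {
    chain input {
        # Traffic addressed to the router itself: deny by default.
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # ICMP/ICMPv6 from the inside only (needed for IPv6 neighbour discovery).
        iifname { $MAIN, $KIDS } meta l4proto { icmp, ipv6-icmp } accept
        # Both VLANs may use the router for DNS and DHCP.
        iifname { $MAIN, $KIDS } udp dport { 53, 67 } accept
        iifname { $MAIN, $KIDS } tcp dport 53 accept
        # Router administration only from the main VLAN.
        iifname $MAIN tcp dport 22 accept
    }

    chain forward {
        # Routed traffic in every direction: deny by default.
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # The NAS stays LAN-only: log and drop anything it sends to the WAN.
        iifname $MAIN ip saddr $NAS oifname $WAN log prefix "nas-egress: " drop
        # Main VLAN: explicit outbound allow list (web, NTP, QUIC).
        iifname $MAIN oifname $WAN tcp dport { 80, 443 } accept
        iifname $MAIN oifname $WAN udp dport { 123, 443 } accept
        # Kids VLAN: web only. No rule permits kids0 -> lan0, so the policy drops it.
        iifname $KIDS oifname $WAN tcp dport { 80, 443 } accept
        # Rate-limited log of whatever is about to hit the default drop.
        limit rate 10/minute log prefix "fwd-drop: "
        counter drop
    }
}

table ip home_nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

The `nas-egress:` and `fwd-drop:` log prefixes show which devices attempt connections the allow list does not cover, which is the starting point for tuning the outbound rules.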

Accepted Solution

Steve earned 552 total points
ID: 35252164
There are also routers on the market that offer a main and then a guest network as part of the configuration options of the router by default; I know some Netgears do this.

This way you could seriously lock down and secure "your" devices and disable SSID so no one can even see the wireless, then configure the guest settings and use that for everything else.
