Home Firewall

Posted on 2011-03-22
Last Modified: 2012-06-27
I guess this is more of an opinion question, but is a true home firewall needed?  Is a Linksys/Netgear router enough?

I understand that a firewall is really only a portion of the defense in depth approach.  I know there is not a magic silver bullet.  I patch my PCs, encrypt/secure my wireless, put AV/Malware protection on my computers/smartphones.  Our home networks are becoming more sophisticated as time goes on and we store more sensitive data on that network than ever before.

I'm getting ready to revamp my home network infrastructure and was just curious what other people think about this topic.
Question by: Kram80

Assisted Solution

DonConsolio earned 37 total points
ID: 35195240
If you do not intend to provide services like WWW/FTP/mail to the internet and you secure your internal network you can be perfectly secure behind a NAT router.

Assisted Solution

siht earned 37 total points
ID: 35195241
I'd have a think about what I keep on my home network. Are you keeping banking details on your network? Do you bring work data home or work from home? How valuable to potential data thieves is it and how paranoid are you?

Some SOHO routers have a pretty good feature set; I have a Billion 7800N which I find more than adequate and far better than the general Linksys/Netgear ones I have used in the past. There are also dedicated firewall systems available for free such as pfSense and Smoothwall which will happily run on most old hardware; both of these offer many advanced options.

To directly answer your question, you'll probably be OK with a basic Linksys/Netgear home router in combination with the other good practices you are implementing. For some though, myself included, that probably isn't good enough, and implementing something stronger is neither expensive nor too difficult.

Assisted Solution

sgsm81 earned 138 total points
ID: 35196956
If you have an internet connection with a provider then it is their responsibility to a point to provide hardware that is fit for purpose to protect you and themselves from unauthorised use.

Most companies from my experience offer either a Netgear/Linksys/D-Link/Sagem/Cisco solution; on lines running from 0.5mb to 100mb the hardware provided is pretty much the same.

Provided you have updated antivirus to stop any malicious software being installed and some anti-malware software handy (like Malwarebytes Anti-Malware), given the scope of the internet itself and the amount of connected devices there is always safety in numbers.

There is only so much that can be done. If you want to give yourself a project you can always install something like suggested by siht, i.e. smoothwall (or clearos); however, this has its own overheads, and technical knowledge/IT resources are needed.


Assisted Solution

FWeston earned 38 total points
ID: 35206646
It depends largely on the people who will be using the network.  If, for example, you have children, they are a huge risk vector because kids will download and run just about anything, so there's a big potential for them to get crapware on their systems.

One of the most overlooked areas of security in my opinion is securing outbound traffic.  Most routers/firewalls deny everything inbound by default, but I'd say that it's also a good idea to deny all outbound traffic by default as well.  For example, if you have a home NAS or media PC, chances are that it doesn't have any real need to talk to the Internet that much if at all, so a good first step would be to isolate devices such as that and make sure they cannot talk to anything other than the local LAN.

You could also further isolate at-risk systems (kids' PCs, etc.) by placing them on a separate VLAN and placing a firewall between them and the main VLAN where your PC with your sensitive data sits.  Consumer level networking gear is getting better all the time, so I'd imagine there's probably something made by Linksys or Netgear that can accomplish this.  If not, there's tons of used Cisco gear that could do it very easily.  For example, you could probably pick up a used ASA 5505 for a couple hundred bucks.  There's definitely a learning curve if you're unfamiliar with Cisco equipment, but you can get a SMARTnet contract pretty inexpensively which will give you access to the Cisco TAC, where you can get configuration assistance.
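
The default-deny and isolation layout described in the answer above can be checked on paper before it is configured on any router or firewall. The following is an added example, not code from the thread: it models a first-match rule list with a default-deny fallback and audits it against the intended outcomes. The address plan, port lists and the names `POLICY`, `evaluate` and `audit` are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan (an assumption, not taken from the thread).
MAIN = ip_network("192.168.10.0/24")  # main VLAN: PCs with sensitive data
KIDS = ip_network("192.168.20.0/24")  # at-risk VLAN
NAS = ip_network("192.168.10.50/32")  # NAS / media PC on the main VLAN
ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: object                     # source network
    dst: object                     # destination network
    ports: frozenset = frozenset()  # empty set matches any port

# Evaluated top to bottom; the first matching rule decides.
POLICY = [
    Rule("allow", NAS, MAIN),                            # NAS may talk to the LAN
    Rule("deny", NAS, ANY),                              # ...and to nothing else
    Rule("deny", KIDS, MAIN),                            # at-risk VLAN cannot reach main
    Rule("allow", KIDS, ANY, frozenset({53, 80, 443})),
    Rule("allow", MAIN, ANY, frozenset({53, 80, 443, 587, 993})),
]

def evaluate(policy, src, dst, port):
    """Return the action of the first matching rule, or 'deny' if none match."""
    s, d = ip_address(src), ip_address(dst)
    for r in policy:
        if s in r.src and d in r.dst and (not r.ports or port in r.ports):
            return r.action
    return "deny"  # default deny covers outbound as well as inbound

# Constructed flows paired with the outcome the design intends.
EXPECTED = [
    ("192.168.10.50", "192.168.10.20", 445, "allow"),  # NAS -> LAN PC
    ("192.168.10.50", "203.0.113.7", 443, "deny"),     # NAS -> Internet
    ("192.168.20.30", "192.168.10.20", 443, "deny"),   # kids PC -> main PC
    ("192.168.20.30", "203.0.113.7", 443, "allow"),    # kids PC -> web
    ("192.168.10.20", "203.0.113.7", 6667, "deny"),    # unlisted outbound port
]

def audit(policy):
    """Return the flows whose actual decision differs from the intended one."""
    return [f for f in EXPECTED if evaluate(policy, f[0], f[1], f[2]) != f[3]]

if __name__ == "__main__":
    print("violations:", audit(POLICY))
```

Rule order matters in a first-match policy: moving the kids-VLAN web allowance above the kids-to-main deny lets the at-risk VLAN reach the main VLAN on port 443, which `audit` reports as a violation.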

Accepted Solution

sgsm81 earned 138 total points
ID: 35252164
There are also routers on the market that offer a main and then a guest network as part of the configuration options of the router by default; I know some Netgears do this.

This way you could seriously lock down and secure "your" devices and disable SSID so no one can even see the wireless, then configure the guest settings and use that for everything else.
