Solved

Home Firewall

Posted on 2011-03-22
5
433 Views
Last Modified: 2012-06-27
I guess this is more of an opinion question, but is a true home firewall needed?  Is a Linksys/Netgear router enough?

I understand that a firewall is really only a portion of the defense in depth approach.  I know there is not a magic silver bullet.  I patch my PCs, encrypt/secure my wireless, put AV/Malware protection on my computers/smartphones.  Our home networks are becoming more sophisticated as time goes on and we store more sensitive data on that network than ever before.

I'm getting ready to revamp my home network infrastructure was just curious what other people think about this topic.
0
Comment
Question by:Kram80
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 15

Assisted Solution

by:DonConsolio
DonConsolio earned 37 total points
ID: 35195240
If you do not intend to provide services like WWW/FTP/mail to the internet and you
secure your internal network you can be perfectly secure behind a NAT router.
0
 
LVL 6

Assisted Solution

by:siht
siht earned 37 total points
ID: 35195241
I'd have a think about what I keep on my home network. Are you keeping banking details on your network? Do you bring work data home or work from home? How valuable to potential data thieves is it and how paranoid are you?

Some SOHO routers have a pretty good feature set, I have a Billion 7800N which I find more than adequate and far better than the general Linksys/Netgear ones I have used n the past. There are also dedicated firewall systems available for free such as pfsense and smoothwall which will happily run on most old hardware, both of these offer many advanced options.

To directly answer your question, you'll probably be OK with a basic Linksys/Netgear home router in combination with the other good practices you are implementing. For some though, myself included, probably isn't good enough and implementing something stronger is neither expensive or too difficult.

http://www.smoothwall.org/

http://pfsense.org/
0
 
LVL 17

Assisted Solution

by:sgsm81
sgsm81 earned 138 total points
ID: 35196956
If you have an internet connection with a provider then it is their responsibility to a point to provide hardware that is fit for purpose to protect you and themselves from unauthorised use.

Most companies from my experience offer either a Netgear/Linksys/D-Link/Sagem/Cisco solution on lines running from 0.5mb to 100mb the hardware provided is pretty much the same

Provided you have updated antivirus to stop any malicious software being installed and some anti-malware software handy (like malwarebytes anti-malware), given the scope of the internet itself and the amount of connected devices there is always safety in numbers.

There is only so much that cna be done, if you want to give yourself a project you can always install something like suggested by siht i.e. smoothwall (or clearos) however this has its own overheads and technical knowledge/it resources are needed.

0
 
LVL 3

Assisted Solution

by:FWeston
FWeston earned 38 total points
ID: 35206646
It depends largely on the people who will be using the network.  If, for example, you have children, they are a huge risk vector because kids will download and run just about anything, so there's a big potential for them to get crapware on their systems.

One of the most overlooked areas of security in my opinion is securing outbound traffic.  Most routers/firewalls deny everything inbound by default, but I'd say that it's also a good idea to deny all outbound traffic by default as well.  For example, if you have a home NAS or media PC, chances are that it doesn't have any real need to talk to the Internet that much if at all, so a good first step would be to isolate devices such as that and make sure they cannot talk to anything other than the local LAN.

You could also further isolate at risk systems (kids PCs, etc) by placing them on a separate VLAN and placing a firewall between them and the main VLAN where your PC with your sensitive data sits.  Consumer level networking gear is getting better all the time, so I'd imagine there's probably something made by Linksys or Netgear that can accomplish this.  If not, there's tons of used Cisco gear that could do it very easily.  For example, you could probably pick up a used asa5505 for a couple hundred bucks.  There's definitely a learning curve if you're unfamiliar with Cisco equipment, but you can get a smartnet contract pretty inexpensively which will give you access to the Cisco TAC, where you can get configuration assistance.
0
 
LVL 17

Accepted Solution

by:
sgsm81 earned 138 total points
ID: 35252164
There are also routers on the market that offer a main and then a guest network as part of the configuration options of the router by default, i know some netgears do this.

This way you could seriously lock down and secure "your" devices and disable SSID so no one can even see the wireless then configure the guest settings and use that for everything else
0

Featured Post

Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is to help the many people wanting to know what security systems the pros use and the ins and outs of a basic security system.  I have seen so many questions and made so many comments on this subject so I though this article would help.…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question