Router - Firewall- Confused

[mcn]

Hi all,

I would like some help with choosing a cable router and/or firewall for my home/office network. I am not technically savvie and am somewhat confused on whether i need a separate hardware firewall or if a router firewall is good enough.
Security is important but so is speed. I wish to ensure that i retain as much of the speed entering the modem throughout the network. I'll have 5 pc's plus printer, storage etc and, at some point, laptops and tablets.

From the router charts i see that the Cisco RV320 has the highest throughput and so am considering that but i don't understand how it stacks up security wise as a firewall. Or would it make sense to have a separate firewall (which leads on to which choice)? or would a consumer router be secure and fast enough?

As you see, this novice is very confused and would greatly appreciate any help with this, thank you.

 

[stevech]

Hi all,

I would like some help with choosing a cable router and/or firewall for my home/office network. I am not technically savvie and am somewhat confused on whether i need a separate hardware firewall or if a router firewall is good enough.
Security is important but so is speed. I wish to ensure that i retain as much of the speed entering the modem throughout the network. I'll have 5 pc's plus printer, storage etc and, at some point, laptops and tablets.

From the router charts i see that the Cisco RV320 has the highest throughput and so am considering that but i don't understand how it stacks up security wise as a firewall. Or would it make sense to have a separate firewall (which leads on to which choice)? or would a consumer router be secure and fast enough?

As you see, this novice is very confused and would greatly appreciate any help with this, thank you.

A consumer router is a firewall due to "NAT" and "port forwarding" done in all routers. No need for more.

In terms of speed - for PCs and printers that connect by wired means to the router, via an intermediary ethernet switch you optionally add to get more ports, the speed is the same for all routers. This is "wire speed". It is limited by your ISP's grade of service you pay for.

For WiFi user devices which are rarely desktop PCs, and most often are handheld devices, the speed is largely constrained by the goodness of the client device and the obstructions in the path from the device to the router.

If your ISP speed grade is exceptionally high, like more than 20Mbps, you might want us to help you choose.

Otherwise, I recommend using what you may already have in terms of a WiFi router. It should be at least 802.11n. The latest 802.11ac is marginally useful if your handheld devices are also '11ac capable (very new). So a $50-75 WiFi router will do fine. Even a $35 like the ASUS RT-N12 is OK for common use. The aficionados here will recommend pricey and that's fine, like buying leather seats in a car - doesn't affect performance.

If you have a multi-story or large home/office, we can help you improve WiFi coverage and speed with an added Access Point.

I recommend not using WiFi for things that don't move. Certainly not for the main PC or a network attached storage device (NAS).

newegg.com is my favorite source.

 

[mcn]

Thanks for replying.

My Internet speed is currently 150Mbs. If the price comes down i would consider upgrading to 250Mbs, which is the fastest my ISP currently provides. My ISP is UPC in Vienna, Austria.

 

[Nerre]

IMO the most important thing for security is knowledge.

It's no use having a "firewall" if you don't know how to configure it.

Asking if you need a firewall or if a router can be sufficient means that you have not considered what functions you need. Figure out what security functions you need and then see if you can find a router incorporating those.

 

[Shikami]

A consumer router is a firewall due to "NAT" and "port forwarding" done in all routers. No need for more.

A firewall is such not because of NAT. NAT, inadvertently, breaks the Internet and therefore has been given a "security" moniker by those that have not a clue, or wish to advertise "security" on a router box. NAT, in simple terms, was a way to handle the lack of addresses. But because it segregates the private network from the public network you to have handlers, ALG's, and such to fix the problem of the connection not being a true connection anymore. This was not a security feature, this was not a well enough thought of technique to handle lack of physical addresses. Not till recently has NAT handling improved, but still can have issues from router to router and it many implementations.

Here is the definition of NAT on Wiki: Network address translation (NAT) is a methodology of modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another. Port forwarding, punch hole, etc is what is used to guide the packet because the packet originally is assumed for a public address, and stops there not knowing anything about the private addresses. The packet header also has to be re-written when in transit from public to private-private to public addresses.

A firewall is a system or group of systems that enforces an access control
policy between two networks. A firewall has rules, and obligations to the packets. When that packet is being processed it has to be able to "withstand" the rules or be dropped, rejected, etc. If it can, then it is passed on down via NAT to the appropriate private address (ingress) and public address (egress). For example, if a packet was injected to the opened port of 21. The rules of SPI, and such are used to determine how to handle that packet. SPI can note that the packet is not part of a created state between two hosts, is not proper in flag(s), and therefore will drop the packet. If it was proper then ACL and other rules can apply still. If withstanding the rules, it will then be passed on down to the host.

 

[Shikami]

I would like some help with choosing a cable router and/or firewall for my home/office network. I am not technically savvie and am somewhat confused on whether i need a separate hardware firewall or if a router firewall is good enough.

Security is just as much equally part of practice behind the features at the end user's end as it is with hardware and software. You can still be compromised easily by clicking on something with firewalls and such in place. There is no real security that can make you "perfect."

Oddly, enough I never use egress firewalls, and never like to use software firewalls for my personal use; I never believed in mangling the packet too much for home use. The funny thing is, so far, I have never been hacked, but a previous bank I was with and other "big" businesses have been (q.v.Wachovia., Target)

Your speed is going to be more of a allocated bandwidth issue, more likely, than a router limiting your speed. Most routers today can handle a good amount of users in a household. But if the bandwidth allocated to it is limited, so will the experience of the users, and more so the experience will be affected as the need for bandwidth increases between them.

QoS is a kludge for this, because the only way to fix bandwidth issues is with more bandwidth. In America we are screwed with these monopolies, and duopolies. Meaning, your choices for cost to bandwidth ratio, and amount of allowable resources are not, most likely, much and much worth it.

Although, you can set up a VPN and segregate your business network from your home network, as a better security precaution, but now you will be getting into areas that may lack knowledge. As security increases the inverse is applied; the ability to work decreases. You will have to ask yourself how do you wish to practice security, and then also how you wish to implement it.

Personally, my router, some very good antivirus, and good practices are all I go by for home use.