Two router comparison - Whats too much home router security?

[reaver_shado]

I have two routers D-link DGL-4500 and a Linksys/Cisco WRVS4400N, that i've collected over the years. On a 25/7 Mb/s internet hookup

I currently use the DGL-4500 as a simple NAT (Tried to open it up as much as possible) , and have my synology server, xbox 360, ps3, CISCO routers WAN connected to switch.

Since WRVS440N is small business , thus more "security" i use it for all my PC/laptops, but i can't access my server for streaming. It's all setup, but the main security feature IPS destroys the throughput and thus my 25 mb/s connection (~ 20 mb/s with IPS on, ping up slightly, and upload down).

Don't really use VPN, or L2 switch features. Wish it supported link aggregation, since two pc's and synology support it.

SO basically i'm asking because it caps my speed and reduces the things i can do like stream music, I'm wondering if i turn off IPS is there really any point to using both still? Should i just use the d-link and DMZ my xbox?

Outside of IPS, VPN are these two router really that different? Does DDos protection matter at home?

how much is too much security at home in a network?

Thanks for your replies

 

[thiggins]

If you are opening a lot of ports, any packet-level inspection that the router can provide will provide a bit more security. That said, you need more enterprise-grade gear than the WRVS440N to provide any truly useful packet level inspection.

I can't think of a scenario where DDOS protection will help.

Your best protection is running good anti-virus protection on your clients and using VLANS to put anything that doesn't need Internet access on a no-Internet VLAN.

 

[reaver_shado]

thank you for the reply

Could you clarify:

"If you are opening a lot of ports, any packet-level inspection that the router can provide will provide a bit more security."
- assuming, SPI = packet-level inspection your referring to, I thought Port-forwarding by passed SPI or is this just DMZ

Then to recap and clarify:

-No need for WRVS4400n in my setup, any router with SPI will do.
--DDos not nessessary
-- make sure all PC/laptops have anti-virus

can you define good anti-virus, or provide a link to suggestions?

After I posted this, i was saw some stuff about pfSense, and was wondering if it's worth it to switch over to something like this rather then using one of the routers I have, since i have an old 2 Ghz 1G ram PC laying around.

Is Intrusion protection (SNORT) worth it at home?

 

[thiggins]

- assuming, SPI = packet-level inspection your referring to, I thought Port-forwarding by passed SPI or is this just DMZ

It depends on the router implementation. But port-forwarding or DMZ should not bypass packet inspection. DMZ, by the way, is just a port-forwarding special case in which all ports are forwarded. They still pass through the NAT firewall.

can you define good anti-virus, or provide a link to suggestions?

Any reputable anti-virus should do. The important thing is that it auto-updates at least daily.

After I posted this, i was saw some stuff about pfSense, and was wondering if it's worth it to switch over to something like this rather then using one of the routers I have, since i have an old 2 Ghz 1G ram PC laying around.

Is Intrusion protection (SNORT) worth it at home?

pfSense is a good router, but it's not for newbies. Getting SNORT properly configured is even more difficult.

Others like YeOldeStoneCat may jump in and provide more knowledgeable advice.