I'm getting a DSL connection and need a router/switch so two computers can share it. I might as well add a firewall router type for more security. Are any better or worse than the others. I'm thinking in the $100-150 range but I haven't priced anything yet. What will keep the hackers at bay?

Use linux! best firewall/router I know of.

Linux is free to download and all you'll need to buy is one NIC card (somewhere around $20 or less). assuming both you PCs have one NIC card already. one PC becomes a router/firewall (you can still use it for other stuff) ther other PC's connection goes through the linux router/firewall, thus the NIC card to buy.

Some firewall/router distros:
Smoothwall
Devil Linux
IPCop

or

you could buy a linksys router $50 - $120 (some have zonealarm firewall options)
or a D-link one, but I like Linksys better.

I have this one at home, works great.  A firewall /vpn with 4 port switch (it acts like a router though)
www.newegg.com/Product/Product.asp?Item=N82E16833122081
$10 rebate, free shipping

Linksys wired or wireless router. They all have firewalls on them. That is all that really someone at home needs.

-d

Quoted: Linksys wired or wireless router. They all have firewalls on them. That is all that really someone at home needs. -d

+1

When you beome l33t, then you can go with a SonicWALL.

Linksys

Along with a Linksys wired/wireless router, I have also installed zonealarm pro on all of my computers.

Quoted: Along with a Linksys wired/wireless router, I have also installed zonealarm pro on all of my computers.

Why? Total overkill, not to mention probably causing more problems that it is solving.

-d

Quoted: Quoted: Along with a Linksys wired/wireless router, I have also installed zonealarm pro on all of my computers. Why? Total overkill, not to mention probably causing more problems that it is solving. -d

+1

Zone alarm along with a harware router is completely pointless, and is just wasting system resources.  

Quoted: Quoted: Linksys wired or wireless router. They all have firewalls on them. That is all that really someone at home needs. -d +1 When you beome l33t, then you can go with a SonicWALL.

YUP.  Sonicwall VPN hardware firewall.  Using one now.


Linksys is a good choice for home use.  Very cheap these days.

Quoted: Quoted: Quoted: Along with a Linksys wired/wireless router, I have also installed zonealarm pro on all of my computers. Why? Total overkill, not to mention probably causing more problems that it is solving. -d +1 Zone alarm along with a harware router is completely pointless, and is just wasting system resources.

Tell me just how it is "overkill"?   Your router is not going detect processes on your pc you dont want running, nor detect a rogue program trying to use your system, so oh wise one?

Quoted: Quoted: Quoted: Quoted: Along with a Linksys wired/wireless router, I have also installed zonealarm pro on all of my computers. Why? Total overkill, not to mention probably causing more problems that it is solving. -d +1 Zone alarm along with a harware router is completely pointless, and is just wasting system resources.   Tell me just how it is "overkill"?   Your router is not going detect processes on your pc you dont want running, nor detect a rogue program trying to use your system, so oh wise one?

Spybot

Ad-aware

HijackThis!

All FAR superior at those functions than ZoneAlarm could ever be.

Besides, only the lowly winblows users have to worry about that stuff anyways.

Quoted: Quoted: Quoted: Quoted: Along with a Linksys wired/wireless router, I have also installed zonealarm pro on all of my computers. Why? Total overkill, not to mention probably causing more problems that it is solving. -d +1 Zone alarm along with a harware router is completely pointless, and is just wasting system resources.   Tell me just how it is "overkill"?   Your router is not going detect processes on your pc you dont want running, nor detect a rogue program trying to use your system, so oh wise one?

Firewalls aren't designed to catch programs running on your pc.. they are there to block data from going in and out. No one needs a software firewall if they already have a hardware one. A) they take away resources from your pc, B) a lot of the settings are redundant with your hw firewall, and c) software firewall just suck :)

-d

Quoted: Quoted: Quoted: Quoted: Quoted: Along with a Linksys wired/wireless router, I have also installed zonealarm pro on all of my computers. Why? Total overkill, not to mention probably causing more problems that it is solving. -d +1 Zone alarm along with a harware router is completely pointless, and is just wasting system resources.   Tell me just how it is "overkill"?   Your router is not going detect processes on your pc you dont want running, nor detect a rogue program trying to use your system, so oh wise one? Spybot Ad-aware HijackThis! All FAR superior at those functions than ZoneAlarm could ever be. Besides, only the lowly winblows users have to worry about that stuff anyways.

+1,000,000 (except that lowly windows thing)

-d

Quoted: Quoted: Quoted: Quoted: Quoted: Quoted: Along with a Linksys wired/wireless router, I have also installed zonealarm pro on all of my computers. Why? Total overkill, not to mention probably causing more problems that it is solving. -d +1 Zone alarm along with a harware router is completely pointless, and is just wasting system resources.   Tell me just how it is "overkill"?   Your router is not going detect processes on your pc you dont want running, nor detect a rogue program trying to use your system, so oh wise one? Spybot Ad-aware HijackThis! All FAR superior at those functions than ZoneAlarm could ever be. Besides, only the lowly winblows users have to worry about that stuff anyways. +1,000,000 (except that lowly windows thing) -d

Quoted: Quoted: Quoted: Quoted: Quoted: Along with a Linksys wired/wireless router, I have also installed zonealarm pro on all of my computers. Why? Total overkill, not to mention probably causing more problems that it is solving. -d +1 Zone alarm along with a harware router is completely pointless, and is just wasting system resources.   Tell me just how it is "overkill"?   Your router is not going detect processes on your pc you dont want running, nor detect a rogue program trying to use your system, so oh wise one? Firewalls aren't designed to catch programs running on your pc.. they are there to block data from going in and out. No one needs a software firewall if they already have a hardware one. A) they take away resources from your pc, B) a lot of the settings are redundant with your hw firewall, and c) software firewall just suck :) -d

I guess we will have to agree to "disagree" as I disagree with you. If you want to hedge the protection of your pc/pc's on a simple $50 non-intelligent router, go right ahead.

Quoted: Quoted: Quoted: Quoted: Quoted: Quoted: Along with a Linksys wired/wireless router, I have also installed zonealarm pro on all of my computers. Why? Total overkill, not to mention probably causing more problems that it is solving. -d +1 Zone alarm along with a harware router is completely pointless, and is just wasting system resources.   Tell me just how it is "overkill"?   Your router is not going detect processes on your pc you dont want running, nor detect a rogue program trying to use your system, so oh wise one? Firewalls aren't designed to catch programs running on your pc.. they are there to block data from going in and out. No one needs a software firewall if they already have a hardware one. A) they take away resources from your pc, B) a lot of the settings are redundant with your hw firewall, and c) software firewall just suck :) -d I guess we will have to agree to "disagree" as I disagree with you. If you want to hedge the protection of your pc/pc's on a simple $50 non-intelligent router, go right ahead.

And if you want to hedge the protection of your pc on an even less intelligent resource hog, go right ahead.

Quoted: Quoted: Quoted: Quoted: Quoted: Along with a Linksys wired/wireless router, I have also installed zonealarm pro on all of my computers. Why? Total overkill, not to mention probably causing more problems that it is solving. -d +1 Zone alarm along with a harware router is completely pointless, and is just wasting system resources.   Tell me just how it is "overkill"?   Your router is not going detect processes on your pc you dont want running, nor detect a rogue program trying to use your system, so oh wise one? Firewalls aren't designed to catch programs running on your pc.. they are there to block data from going in and out. No one needs a software firewall if they already have a hardware one. A) they take away resources from your pc, B) a lot of the settings are redundant with your hw firewall, and c) software firewall just suck :) -d

You're right, software firewalls are more than worthless when you have a hardware firewall.  They are redudant and slow your computer down without providing any further protection.

Quoted: Quoted: Quoted: Quoted: Quoted: Quoted: Along with a Linksys wired/wireless router, I have also installed zonealarm pro on all of my computers. Why? Total overkill, not to mention probably causing more problems that it is solving. -d +1 Zone alarm along with a harware router is completely pointless, and is just wasting system resources.   Tell me just how it is "overkill"?   Your router is not going detect processes on your pc you dont want running, nor detect a rogue program trying to use your system, so oh wise one? Firewalls aren't designed to catch programs running on your pc.. they are there to block data from going in and out. No one needs a software firewall if they already have a hardware one. A) they take away resources from your pc, B) a lot of the settings are redundant with your hw firewall, and c) software firewall just suck :) -d I guess we will have to agree to "disagree" as I disagree with you. If you want to hedge the protection of your pc/pc's on a simple $50 non-intelligent router, go right ahead.

You can disagree all you want, you are still wrong.

Quoted: Quoted: Quoted: Quoted: Quoted: Quoted: Quoted: Along with a Linksys wired/wireless router, I have also installed zonealarm pro on all of my computers. Why? Total overkill, not to mention probably causing more problems that it is solving. -d +1 Zone alarm along with a harware router is completely pointless, and is just wasting system resources.   Tell me just how it is "overkill"?   Your router is not going detect processes on your pc you dont want running, nor detect a rogue program trying to use your system, so oh wise one? Firewalls aren't designed to catch programs running on your pc.. they are there to block data from going in and out. No one needs a software firewall if they already have a hardware one. A) they take away resources from your pc, B) a lot of the settings are redundant with your hw firewall, and c) software firewall just suck :) -d I guess we will have to agree to "disagree" as I disagree with you. If you want to hedge the protection of your pc/pc's on a simple $50 non-intelligent router, go right ahead. You can disagree all you want, you are still wrong.

In your humble opinion.

Quoted: Quoted: Quoted: Quoted: Quoted: Quoted: Quoted: Quoted: Along with a Linksys wired/wireless router, I have also installed zonealarm pro on all of my computers. Why? Total overkill, not to mention probably causing more problems that it is solving. -d +1 Zone alarm along with a harware router is completely pointless, and is just wasting system resources.   Tell me just how it is "overkill"?   Your router is not going detect processes on your pc you dont want running, nor detect a rogue program trying to use your system, so oh wise one? Firewalls aren't designed to catch programs running on your pc.. they are there to block data from going in and out. No one needs a software firewall if they already have a hardware one. A) they take away resources from your pc, B) a lot of the settings are redundant with your hw firewall, and c) software firewall just suck :) -d I guess we will have to agree to "disagree" as I disagree with you. If you want to hedge the protection of your pc/pc's on a simple $50 non-intelligent router, go right ahead. You can disagree all you want, you are still wrong. In your humble opinion.

There is no opinion there, only facts.

I really love the hourglass shape it makes when you quote everyone like that.

Quoted: Quoted: Quoted: Quoted: Quoted: Quoted: Along with a Linksys wired/wireless router, I have also installed zonealarm pro on all of my computers. Why? Total overkill, not to mention probably causing more problems that it is solving. -d +1 Zone alarm along with a harware router is completely pointless, and is just wasting system resources.   Tell me just how it is "overkill"?   Your router is not going detect processes on your pc you dont want running, nor detect a rogue program trying to use your system, so oh wise one? Firewalls aren't designed to catch programs running on your pc.. they are there to block data from going in and out. No one needs a software firewall if they already have a hardware one. A) they take away resources from your pc, B) a lot of the settings are redundant with your hw firewall, and c) software firewall just suck :) -d I guess we will have to agree to "disagree" as I disagree with you. If you want to hedge the protection of your pc/pc's on a simple $50 non-intelligent router, go right ahead.

Well considering that I've installed probably close to 200+ home networks for people.. and have YET to have a person hack into one of their pc's.. I'd say the hw firewalls are doing just fine.

-d

hardware > software

it's probably not the hardware firewalls alone that kept hackers at bay, although they are a key component. Firewall(s), anit-virus, strong alpha-numeric passwords, and software UPDATES! will keep hackers out. Most hackers get in by dumb people not appling security patchs.

Quoted: Well considering that I've installed probably close to 200+ home networks for people.. and have YET to have a person hack into one of their pc's.. I'd say the hw firewalls are doing just fine. -d

This has been my experience with customers as well.

Not only is a software firewall behind a hardware firewall a unnecessary resource hog but the software firewall is likely to cause problems that would be avoided if you did not run it.

Quoted: hardware > software it's probably not the hardware firewalls alone that kept hackers at bay, although they are a key component. Firewall(s), anit-virus, strong alpha-numeric passwords, and software UPDATES! will keep hackers out. Most hackers get in by dumb people not appling security patchs.

Correct. But I'd still stick with a hardware firewall any day of the week over a software one. Guess other people have failed to see the light yet.

-d

Quoted: Quoted: Well considering that I've installed probably close to 200+ home networks for people.. and have YET to have a person hack into one of their pc's.. I'd say the hw firewalls are doing just fine. -d This has been my experience with customers as well. Not only is a software firewall behind a hardware firewall a unnecessary resource hog but the software firewall is likely to cause problems that would be avoided if you did not run it.

It's like wearing two rubbers.  You don't get double the protection, it lowers the effectiveness than if you just wore one!

hardware firewalls are better then software firewalls for one reason. If you do not apply a securtiy patch, forget to apply it, or a patch was just released a few hours agoand you have not applied it. A hacker can use the software vulnerability and exploit your system, the hacker can stop your software firewall becuase it is run as a service. especially if you use a well-known and common software firewall that hackers will know exactly how to shut it down or bypass it alltogether.

Quoted: hardware firewalls are better then software firewalls for one reason.

No.  A hell of a lot more reasons than just one.

Quoted: Quoted: hardware firewalls are better then software firewalls for one reason. No.  A hell of a lot more reasons than just one.

+1

I highly recommend having a router, even for a 1-computer house.  There is a measure of security that a router adds.  I also highly recommend a software firewall installed on each computer in the house.  Here's why:

Consumer-based routers sometimes put the word "firewall" on their box, but this is not a full-fledged firewall.  They're simply describing the normal fuction of the router.  Even the Netgear "firewall" router link above explains that it has "stateful packet inspection."  But the default setting is to block all nonsolicited inbound traffic.  This is what a router does...it takes solicited information and routes it to the soliciting computer.  Nonsolicited information is "dropped."  (though if a DMZ computer was set up on your network, it would go there).  The router inspects inbound data to see which computer solicited the info.  This is not a true firewall, this is a router.

Software firewalls go beyond this by properly inspecting inbound and outbound traffic and allowing/denying based upon a broader set of customizable rules.  A router is customizable too, in many very useful ways, but consumer-based routers have a long way to go to reach the customizations available to match the flexibility of...say...5 installations of Zone Alarm.  

Say you're browsing the web and contract spyware through a requested web page, or perhaps you found a neat tool to download, but it turns out this tool has additional unwanted spyware that reports your browsing habits back to its server.  A consumer-based router will allow the initial download because you requested it.  The outbound traffic will again walk right on by a consumer-router.  And further, if the spyware is particularly hideous and wants to download more spyware, this will also pass a consumer-based router as that would be requested information.

However something such as the free version of ZoneAlarm would balk at a new outbound connection until the user blessed that connection.

Real firewalls are not an install-and-forget affair, they are trained.  This is also true for the high-dollar hardware firewalls.

Hardware > Software

Hardware is nothing without the software.  Hardware devices are simply dedicated hardware running software.  The big advantage to this is that hardware devices with limited logic abilities are more difficult to bypass as the limited logic doesn't allow creative work-arounds.  They still have to be patched, and they can still be hacked.*

They each have their use...
* A consumer-based router will stop 90% of everybody
* "Get both" will bump you up to the 99%+ range
* "The Man" will probably figure out a way to get in anyway.

For those who spell computer with a "K" (such as some friends and relatives of mine)..those "12-o'clock flashers" (where the VCR always flashes 12 because it's too hard for them to figure out)...I recommend a router as a software firewall will pop-up from time to time and confuse them.


Overkill?  Hardly.
Using resources? Definitely using some.  But a 4 year old 1GHz machine would be just fine.





* Granted, the author is of the belief that there is no such thing as a 100% secure system.

Quoted: Hardware is nothing without the software.  Hardware devices are simply dedicated hardware running software.  The big advantage to this is that hardware devices with limited logic abilities are more difficult to bypass as the limited logic doesn't allow creative work-arounds.  They still have to be patched, and they can still be hacked.* They each have their use... * A consumer-based router will stop 90% of everybody * "Get both" will bump you up to the 99%+ range * "The Man" will probably figure out a way to get in anyway. For those who spell computer with a "K" (such as some friends and relatives of mine)..those "12-o'clock flashers" (where the VCR always flashes 12 because it's too hard for them to figure out)...I recommend a router as a software firewall will pop-up from time to time and confuse them.

Wow, finally came out and said that...  no shit he doesn't need a corporate level router with firewall or dedicated firewall. It is for home use and if he doesn't go where he shouldn't be going on the internet, he will have no problems with a router w/ firewall from Linksys, D-Link, etc.

Overkill?  Hardly. Using resources? Definitely using some.  But a 4 year old 1GHz machine would be just fine.

It is most definitely overkill. Most software firewalls I have encountered are big resource hogs. I am assuming you are talking about using an old machine as a firewall with Zonealarm on it for the network. I'd say 85% of home users would not know how to set that up or even why they would want to. Home users should stick with the hardware type of firewall as much as they can. I can't tell you how many times I've had to go to customer's homes to "Fix their internet" when they have installed some shit software firewall and clicked on something because they were afraid and then their internet connection was essentially turned off.

* Granted, the author is of the belief that there is no such thing as a 100% secure system.

That goes without saying.

-d

The hardware devices discussed in this thread aren't firewalls despite some of the advertising by Netgear/Linksys/D-Link/etc.  They're excellent devices to be sure and they do provide a fair measure of protection.  However, they don't block outbounds nor solicited inbounds.  Both are common with current spyware.  

Resources:
Yes, software uses resources.  But how much?  Maybe 12-30MB of memory and the CPU cycles should not be reaching 1% on ye olde performance gauge.  I've heard complaints about Norton being a resource hog..PC Mag put it in their review too.  But I've yet to see numbers that measure the difference of different firewall products.  Even avid gamers who spend $100+ on an Audigy to get an extra fps on their gaming still go with an installed firewall as the performance of the CPU-GPU hungry game is negligible with the firewall installed.  

Firewalling (woohoo!  I made a new verb!) is not an inherently computer intensive task at all, but some firewall applications have managed to screw it up ok.  If you have seen any numbers on firewall software using resources, I'd like to see them, I've looked, but my Google-Fu is weak tonight.

The 1GHz machine I'm referring to is the user's main system.  Not a gateway.  I've run 733MHz machines with each popular firewall out there without problem.  I do that as each version comes out.  I've recently moved to a 2.6GHz testbed for that task (and alsorun some other stuff with it too).