I posed the question to myself of "How does a router protect" based on my curiosity on what something I remembered that a router is already acting as a firewall. So I googled on the topic and found some very interesting results. The google results are listed below. But first, my summary is this:
1. Router uses NAT to protect computers connected behind the router.
2. The Router NAT technique protects outside attempts to talk to the computers behind the router - ie blocks inbound traffic.
3. But Router NAT does not by default block outbound traffic. A computer already infected may call outside to its base and get information or commands back.
4. Some say router is enough, other say software firewall is necessary.
5. Router NAT does not protect against computers or configuration which uses:
- VPN - to connect into a company's network from home securely.
- Port Forwarding - required when running a web server.
- DMZ - used by gamers sometimes to enable playing network games.
Any of these will by pass the NAT protection mechanism and expose the home computer and others on the network.
Setting up Cascading Router (LAN to LAN or WAN to LAN)
http://www.linksys.com/au/support-article?articleNum=132275
Using A Modem and Router combination
Internet -> ADSL Modem -> Router -> Device
(WAN stands for Wide Area Network and is the IP address given to you by the Internet service provider)
Double Nat
http://www.howtogeek.com/255206/how-use-your-router-and-isps-modemrouter-combo-in-tandem/
To overcome the Double NAT problem, one way is to use Bridging.
Switch the Modem into Bridge mode.
"Bridging is simply an old networking technique that transparently links two different networks."
Consequences:
- the modem will become a modem only, with have no effective routing functions.
- no devices can be connected directly to the modem unit
- no devices cab be wirelessly connected directly to the modem unit
https://www.cnet.com/how-to/home-networking-explained-part-8-cable-modem-shopping-tips/
On the other hand, it's a little bit more work to add a Wi-Fi router to your existing gateway.
1.you need to connect the new router's WAN (or Internet) port to the gateway.
2.make sure that the new router has a different IP address from that of the gateway. (Chances are they are already different, but if not, you will need to change that of the new router before plugging it to the gateway.)
3. And finally, apart from turning off the Wi-Fi network of the old gateway, if you want the new router to get the WAN IP address, you will need to configure the gateway to pass that to the router. The means of doing this varies depending on the gateway itself. The passing of the WAN IP address is only necessary if you want to set up customized Internet-related services, such as those mentioned in Part 9 of this series.
The Ultimate Modem/Router Setup Thread
http://www.tomshardware.com/forum/33700-42-ultimate-modem-router-setup-thread
When is an NAT router inadequate protection?
http://www.dslreports.com/faq/9787
temporary mirrored at:
http://xtechnotes.blogspot.com.au/2012/04/when-is-nat-router-inadequate.html
How Does A Router Protect My Computer?
http://www.askageek.com/2006/10/17/how-does-a-router-protect-my-computer/
A Router Can Protect your Computer
http://www.compukiss.com/articles/a-router-can-protect-your-computer.html
To what extent does the firewall on a router protect you?
http://askville.amazon.com/extent-firewall-router-protect/AnswerViewer.do?requestId=747083
How does a router protect you?
http://forums.cnet.com/7726-6035_102-5152551.html
Does my router have a firewall or not?
http://ask-leo.com/does_my_router_have_a_firewall_or_not.html
How do I protect users on my network from each other?
http://ask-leo.com/how_do_i_protect_users_on_my_network_from_each_other.html
info on dual router layer / double NATing architecture.
Posts
No comments:
Post a Comment