Linux Firewall or Router w. SPI

  • tom2002

I know I could probably start this on the hardware side of the boards, but I am curious as to people's opinion on whether a PC with a firewall like "Smoothwall" installed would be more secure, or perform better than my D-Link Router with Stateful Packet Inspection (SPI) and Network Address Translation (NAT) enabled?


PS: Just so you understand the complexity of my network. I currently have several machines behind my router, none of them have firewall software, nor do I want them to have that software. I am considering adding/replacing to the router with the Linux Firewall, if it is "justifiable".
  • Bogey

How about both? Although I believe a router could be adequate enough or a firewall would be good enough, I also believe it couldn't hurt if you have them both reinforcing each other and optimizing the security and well-being of your computer...
  • tom2002

Would you have the router in front of or behind the firewall?
  • Bogey

I think behind... I'm not sure though.
  • Daemonguy

<insert opinion here>

The answer to the initial question of 'which is better...' is both.

If you can afford a top-notch hardware FW abstraction, such as a Cisco PIX, then go for it.
If you are talking about the difference between a Linksys router (whose 'firewall' functions are at best, state-enhanced routing statements) and a machine that is running a stateful, deep-packet inspection firewall package on appropriate hardware for the traffic levels at 3*Peak+Average, built by someone who has a handle on the phrase, internet security -- then perhaps not.

You also need to be careful as to how you place multiple inspection devices in line; if the system makes use of NATs (network address translation tables) and you end up with a double NAT, your ability to VPN is greatly reduced to nominally zilch.

Personally I run a firewall of my own design -- in that I chose the OS, and run the pf firewall with my own configurations.

There's a great deal to consider when choosing to control one's own security destiny -- but the road, while long and arduous is worth the trip. ;)
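
The double-NAT caution in the post above, as an added example that is not part of the original thread: a small check that counts how many inline devices translate addresses and flags the stacked case. The device names and addresses are constructed; 203.0.113.7 is a documentation address standing in for a public one.

```python
import ipaddress

# Blocks never routed on the public Internet: a WAN interface holding one
# of these addresses must itself sit behind another translator.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                   # RFC 6598 carrier-grade NAT
)]

def behind_nat(wan_ip):
    """True if this WAN-side address implies a translator further upstream."""
    addr = ipaddress.ip_address(wan_ip)
    return any(addr in net for net in NON_PUBLIC)

def nat_layers(chain):
    """Count translation layers for inline devices ordered LAN -> Internet.

    chain: list of (name, wan_ip, nat_enabled). Returns (layers, findings).
    """
    findings = []
    layers = 0
    for name, wan_ip, nat_enabled in chain:
        if nat_enabled:
            layers += 1
            findings.append(f"{name}: NAT on, WAN address {wan_ip}")
    # A non-public address on the outermost WAN port means something
    # upstream (for example the ISP) translates once more.
    if chain and behind_nat(chain[-1][1]):
        layers += 1
        findings.append("upstream: outermost WAN address is not public")
    if layers > 1:
        findings.append("double NAT: keep translation on one device only")
    return layers, findings

# Constructed sample: a Linux firewall placed behind the existing router,
# both translating.
STACKED = [("linux-fw", "192.168.0.2", True), ("dlink", "203.0.113.7", True)]
# Same chain with NAT off on the inner box (it only routes and filters).
SINGLE = [("linux-fw", "192.168.0.2", False), ("dlink", "203.0.113.7", True)]

if __name__ == "__main__":
    for label, chain in (("stacked", STACKED), ("single", SINGLE)):
        count, notes = nat_layers(chain)
        print(label, count, notes)
```
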
  • tom2002

I am not sure that I completely understand your answer; however, I do understand that a Cisco PIX would be optimal, but the PIX is not in my budget.

I also understand that a double NAT could be problematic.

While I could disable NAT and even SPI on the router, I guess my question is which offers a more secure, but yet workable firewall. I am not a company, so I don't have a ton of machines, I am not into gaming, however, I like the idea of being able to stream video. VPN with my university is also a requirement, which uses Cisco client software. I guess I am not sure what my router could offer to the security mix.

I am very concerned about Chinese hackers. They seem to be everywhere these days. My whole life is on my hard drives, and I want to protect my sensitive data. Yes, I do back up my data, as a matter of fact in multiple ways, even with on-line, off-site facilities. I just want to keep the bad guys out, but I am not a security expert, and I am not able to afford one either. I don't understand how hackers do their thing, but I also don't want to try to do the types of things they do.

Thanks for your help.
