If I have an adsl modem, what would I need a dsl/cable router for?

What purpose does it fulfill over an adsl modem and switch combo?

Extra Security? Requires extra steps in order to access your network...

Originally posted by Sevendust@May 15 2005, 11:26 AM
Extra Security? Requires extra steps in order to access your network...
82359


Yup, the standard telstra adsl modem isn't that advanced when it comes to security. It just is a nat box, which hides your internal network, It also drops packets at the router unless the connection was inititated inside the network. Simple and effective. I guess you could call it one way protection.

A decent router would provide a stateful packet inspection(SPI) firewall ruleset. What that means is that is looks at the type of traffic. For instance, a command prompt would be blocked, as would remote desktop protocol. As would a bulk amount of smtp packets.

What SPI firewalls stop is once you have been infected eg with an irc trojan, is that they stop the hackers actually using your connection for any thing. Sure you are compromised but they shouldn't do much.

The real trick is configuring your ruleset. A lot of cheap commercial routers don't offer spi, which is what you really want. The more expensive ones do, such as cisco. Low end netgears are ususally ok. What you need to remember is that your protection is only as good as your configuration, and it will need to updated periodically.

If you do want to go something like cisco, then you need to figure out ios (the cisco way of configuring) which is quite complicated. The other complicated alternative is something like a linux box as your firewall, it adds a - load of the features that any commerical box has but can be tricky to configure iptables/ipchains. I think that low order routers such as netgear have easier graphical/html interfaces to configure their spi stuff. A lot of routers simply use and or steal linux iptables for their routers (see belkin violating the gpl, repeatedly, actually i think acer has been as well, do a google search for henry weltse) so the linux option is really future proofing yourself.

Villan would be a good person to talk about this with. I think quilib and Watto could also add some really interesting comments. Watto got an awesome netgear router that i was thinking about getting. Wireless with a serial port for backup connections, vpn endpoint that sort of thing.

Oh the good routers would also provide an intrusion detection system.

Mouse.

Oh there also is the features side of things. For instance:

Vpn endpoints on the router so you can connect a to your home network over the internet
Some advanced routers have better dns servers
better port forwarding
Better processors for data, for instance, redundant connections, slightly lower pings, etc etc.

I still use a telstra router, work just fine, it is highly modififed tho. A lot of people buy routers because they really don't know that most dsl modems already are routers.

I think cowstaker hit the nail on the head with his last comment, people buy routers, because they dont realise that most modems allready do what they want.

All the other points cowstaker made are correct as well, most people go routers for:

* NAT / PAT
* Firewall
* VPN Endpoint.
* Always on net, without the need for a computer to be on.
* Ease of use.

In the higher end of things, people go routers because they might have multiple public IP addresses in use, and a router is needed to route the traffic appropriately.

NAT is a form of security, but is not really a security solution, alot of people think they are safe because they are behind a natting router, which isn't necessarily true. But most good routers these days come with some form of firewall, the higher end ones supporting SPI.

Ie.. What cowstaker said :P heh

If I have a speedtouch alcatel bigpond jobbie that doesn't have port forwarding (for remote access to my server) would a router do this job?

With a router like this? (http://www.linksys.com/products/product.asp?prid=142&scid=29)

Yes, it would accomplish what your after.

kewl... now to learn how to set it up...

:(

As a general rule, Linksys usually have pretty good interfaces. Shouldn't be hard to setup at all :)

*me loves his LINKSYS WRT64G*
best thing i ever bought for my PC.. appart from an LCD and my sennheisers.

it looks pretty much the same as the ones in your link faux but it has dual wireless antennae.

Well out of the box it works...

matches my WAP54G and I have a matching swtich in the mail...

I looked in the interface which looked like the WAP setup... Just gotta learn how to setup port forwarding for RDP...

I wanna be able to get on my box from work...

port forwarding is VERY easy on the linksys switches.. i think the interface is pretty standard accross there products..

on mine its easy as going to a menu, "application & Gaming"

give it a name, punch in the ports, the protocol and your IP .. tick the box... click save botton..
BAM done!