Are Routers good Firewalls

  • Thread starter: Haggar
Are most brands good for preventing hacking?


Yes, they do great at preventing Windows from having open
ports (exploits) sitting out on the 'net. They don't do
anything for the other common entry points though, like
email/office/etc document viruses, browser exploits, wifi
intrusions, etc., though even with some of these if you
actively set up traffic controls rather than only the
inherent firewalling of the NAT feature, you add another
layer of protection against some types of undesirable
traffic.

As for "most brands", it depends on what you want to allow
or prevent beyond the basic routing of traffic. If you
don't know (what else you'd want yet), researching some
networking/security oriented websites prior to purchase
could be a good idea. One set of features will not suit all
users, hence so many models out there.

In general ANY router is far better than no router.
 
"Haggar" said:
Are most brands good for preventing hacking?

NAT (network address translation) is what provides most
of the protection. That is inherent to the way the router
works.

http://www.grc.com/nat/nat.htm

The router cannot stop a trojan from dialing out from
your computer, so if a password logger installed on your
computer wants to send the results to the Internet, the
router doesn't care. You still need something on the
computer that can detect applications "dialing out", if
you want more complete control over what is going on.

The router is also a pain, if you are attempting to run
a server on the private side of the router. Say you wanted
to offer FTP to people on the Internet. You have to set up
a mapping in the router, so attempts to FTP to your public
address are forwarded to the correct private address and port
number.

Paul
 
> NAT (network address translation) is what provides most
> of the protection. That is inherent to the way the router
> works.
>
> http://www.grc.com/nat/nat.htm
>
> The router cannot stop a trojan from dialing out from
> your computer, so if a password logger installed on your
> computer wants to send the results to the Internet, the
> router doesn't care. You still need something on the
> computer that can detect applications "dialing out", if
> you want more complete control over what is going on.
>
> The router is also a pain, if you are attempting to run
> a server on the private side of the router. Say you wanted
> to offer FTP to people on the Internet. You have to set up
> a mapping in the router, so attempts to FTP to your public
> address are forwarded to the correct private address and port
> number.


While it could be termed a pain to do the port-forwarding,
it is also a desirable feature. If one wants to limit their
incoming and outgoing ports this can also block some (many
of the) logger/trojan/etc communications but as always it
requires a bit more knowledge or research on the part of the
person setting it up to know what ports they need and being
able to troubleshoot if they had attempted to use a new port
but had the router block it by their prior setting(s).
 
> The router is also a pain, if you are attempting to run
> a server on the private side of the router. Say you wanted
> to offer FTP to people on the Internet. You have to set up
> a mapping in the router, so attempts to FTP to your public
> address are forwarded to the correct private address and port
> number.

If forwarding a port is a pain, you need to get a friendly router.

BTW, most ISPs block incoming ports to prevent more IIS fiascos.
 
> While it could be termed a pain to do the port-forwarding,
> it is also a desirable feature. If one wants to limit their
> incoming and outgoing ports this can also block some (many
> of the) logger/trojan/etc communications but as always it
> requires a bit more knowledge or research on the part of the
> person setting it up to know what ports they need and being
> able to troubleshoot if they had attempted to use a new port
> but had the router block it by their prior setting(s).

But that knowledge is a lot less than the knowledge required to set up
the associated service. IOW, if you know how to set up Apache, then
forwarding port 80 is no sweat.
 
> But that knowledge is a lot less than the knowledge required to set up
> the associated service. IOW, if you know how to set up Apache, then
> forwarding port 80 is no sweat.


Yes, but some things don't have to be set up at all (are
done so automatically by a (software) install(er)).

To put it in simpler terms, suppose someone with a PC
doesn't know what ports they need and blocks everything but
80. They will soon enough find this a problem.
 
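The behaviours discussed in this thread (unsolicited inbound traffic dropped by NAT, outbound traffic passed unless ports are restricted, a port mapping needed for a server on the private side) can be seen in a small model. This is an added example, not part of the original thread and not any router's firmware; the `NatRouter` class, its simplified session matching, and every address and port in it are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatRouter:
    """Simplified model of a home NAT router (not any vendor's firmware)."""
    forwards: dict = field(default_factory=dict)   # public port -> (LAN ip, port)
    egress_allow: Optional[set] = None             # None = any outbound port allowed
    sessions: dict = field(default_factory=dict)   # public port -> session tuple
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """LAN host connects out. Returns the public source port, or None if blocked."""
        if self.egress_allow is not None and dst_port not in self.egress_allow:
            return None
        pub = self.next_port
        self.next_port += 1
        self.sessions[pub] = (lan_ip, lan_port, dst_ip, dst_port)
        return pub

    def inbound(self, src_ip, src_port, pub_port):
        """Packet hits the WAN side. Returns the LAN (ip, port), or None if dropped."""
        s = self.sessions.get(pub_port)
        if s and (s[2], s[3]) == (src_ip, src_port):
            return (s[0], s[1])               # reply to a session the LAN started
        return self.forwards.get(pub_port)    # explicit mapping, otherwise dropped

def demo():
    """All addresses and ports below are constructed sample values."""
    r, pc, out = NatRouter(), "192.168.1.20", {}
    # Unsolicited probe of an open Windows port: no session, no mapping -> dropped
    out["probe"] = r.inbound("198.51.100.7", 51000, 445)
    # Web browsing: the server's reply matches the session the PC opened
    p = r.outbound(pc, 50123, "198.51.100.80", 80)
    out["reply"] = r.inbound("198.51.100.80", 80, p)
    # Password logger dialing out: plain NAT translates it like any other traffic
    out["logger_plain_nat"] = r.outbound(pc, 50124, "198.51.100.66", 6667) is not None
    # FTP server on the private side: reachable only after a port mapping is added
    r.forwards[21] = ("192.168.1.30", 21)
    out["ftp"] = r.inbound("198.51.100.7", 51001, 21)
    # Outbound allowlist of port 80 only: stops the logger, but also outgoing mail
    r.egress_allow = {80}
    out["logger_blocked"] = r.outbound(pc, 50125, "198.51.100.66", 6667) is None
    out["mail_blocked"] = r.outbound(pc, 50126, "198.51.100.25", 25) is None
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The allowlist here matches on destination port only, which is why the thread describes it as blocking some, not all, such traffic.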