ROUTER / DEDICATED FIREWALL
ROUTER
A router is a networking device that forwards data packets between computer networks. Routers perform the traffic-directing functions on the Internet. Data sent through the Internet, such as a web page or email, is in the form of data packets. A packet is typically forwarded from one router to another through the networks that constitute an internetwork until it reaches its destination node.
A router is connected to two or more data lines from different networks. When a data packet comes in on one of the lines, the router reads the network address information in the packet to determine the ultimate destination. Then, using information in its routing table or routing policy, it directs the packet to the next network on its journey.
The most familiar routers are home and small office routers that simply forward IP packets between the home computers and the Internet. An example of a router would be the owner’s cable or DSL router, which connects to the Internet through an Internet service provider (ISP). More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, software-based routers also exist.
With that definition in place, it is important to say that a router is not a firewall. A router might have a firewall built into it to provide extra protection.
Recommendations for a Router (Business or Home)
- Always change the default password
- Make sure it has a firewall and that the firewall is turned ON
- If it is a wireless router, TURN OFF WPS (Wi-Fi Protected Setup)
- Rename the router from default names such as “linksys”
- Make sure the firmware is up to date
Dedicated Firewall (hardware)
A business class firewall employs multiple layers of security measures to keep your network safe. The following 3 items are a MUST HAVE when considering how to protect your private network:
- Traffic Scanning and Monitoring
  - Scan network traffic in real time for malware and spyware, and block such attempts at the firewall level before they ever reach the PC.
  - Specify policy for users across the office for Internet accessibility, with filtering options for blocking social sites, personal email and games.
- Intrusion Detection System
  - Track and monitor your bandwidth requirement based on the bandwidth usage across the firewalls. Analysis of firewall traffic logs is vital to understanding network and bandwidth usage and plays an important role in business risk assessment.
  - View logs of intrusion attempts or remote access attempts that may originate from a 3rd party or a disgruntled employee.
- Application Control
  - Prevent unauthorized applications from running on the network and slowing it down.
  - Enforce acceptable Internet use policies that are mandated by company policy or culture.
Business class firewall routers may cost more money and may require subscription-based protection, but they give the business a better chance to protect itself.
Recommendations
- Make sure the firewall is ON
- Make sure the definitions or firmware are the most recent
- If the router has IDS or IPS, look into turning these features ON
- Always keep log files from the router/firewall
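The log review described above (bandwidth usage per host and blocked remote access attempts), as an added example that is not part of the original page. The key=value log layout, the 192.168.1.0/24 LAN range, the port list and the threshold of 3 are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumptions: the LAN range and the key=value log layout are made up for this example.
INTERNAL = ipaddress.ip_network("192.168.1.0/24")
REMOTE_ACCESS_PORTS = {22: "ssh", 23: "telnet", 3389: "rdp", 5900: "vnc"}

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
2024-05-01T09:00:01 action=allow src=192.168.1.10 dst=198.51.100.20 dport=443 bytes=52000
2024-05-01T09:00:05 action=allow src=192.168.1.11 dst=198.51.100.20 dport=443 bytes=1800
2024-05-01T09:01:10 action=deny src=203.0.113.7 dst=192.168.1.1 dport=22 bytes=60
2024-05-01T09:01:11 action=deny src=203.0.113.7 dst=192.168.1.1 dport=22 bytes=60
2024-05-01T09:01:12 action=deny src=203.0.113.7 dst=192.168.1.1 dport=3389 bytes=60
2024-05-01T09:02:00 action=deny src=203.0.113.9 dst=192.168.1.1 dport=23 bytes=60
2024-05-01T09:03:00 action=allow src=192.168.1.10 dst=198.51.100.21 dport=80 bytes=8000
2024-05-01T09:03:30 garbled line without fields
"""

def parse_line(line):
    """Return a dict of typed fields, or None if the line is malformed."""
    parts = line.split()
    rec = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    try:
        return {"action": rec["action"], "src": ipaddress.ip_address(rec["src"]),
                "dport": int(rec["dport"]), "bytes": int(rec.get("bytes", 0))}
    except (KeyError, ValueError):
        return None

def analyze(log_text, threshold=3):
    """Summarise allowed bytes per internal host and blocked remote-access attempts."""
    usage = Counter()                # internal host -> bytes of allowed traffic
    attempts = defaultdict(Counter)  # external source -> service -> blocked count
    skipped = 0
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count unparseable lines instead of silently dropping them
        elif rec["action"] == "allow" and rec["src"] in INTERNAL:
            usage[str(rec["src"])] += rec["bytes"]
        elif (rec["action"] == "deny" and rec["src"] not in INTERNAL
              and rec["dport"] in REMOTE_ACCESS_PORTS):
            attempts[str(rec["src"])][REMOTE_ACCESS_PORTS[rec["dport"]]] += 1
    flagged = {s: dict(c) for s, c in attempts.items() if sum(c.values()) >= threshold}
    return usage.most_common(), flagged, skipped

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A non-zero count of unparseable lines is worth checking in its own right, since it can mean the log format changed or the file was truncated.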