As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/
Options
New to routers, please advise.
TetraNitroCubane
The DjinneratorAt the bottom of a bottleRegistered User regular
The DjinneratorAt the bottom of a bottleRegistered User regular
Hi all. I've recently realized that it's about time that I broke down and got myself a quality router for my computer equipment and the like, both for security and ease of getting multiple devices online. Unfortunately, I'm a total idiot when it comes to routers, and not only do I have no idea which one to buy, I'm also clueless as to how it will impact my online habits. Currently I'm just using an old Linksys switch, which I assume is a terrible idea now that I think about it. I've heard that a good router can serve as a firewall, or at least make a firewall unnecessary, and the security benefits are appealing to me - though I assume that means that the router must be configured and used properly, which I have no idea how to accomplish.
I currently have one desktop and several gaming consoles that I take online (Four total devices, though only two ever go online at any given time). I've heard that using routers can lead to significant difficulties for online gaming, both on the PC end and with XBL, etc. I don't need, nor do I even want, wireless support on the router. Can anyone please advise me on where to start, or what router might serve the purpose I need? Thanks very much.
I currently have one desktop and several gaming consoles that I take online (Four total devices, though only two ever go online at any given time). I've heard that using routers can lead to significant difficulties for online gaming, both on the PC end and with XBL, etc. I don't need, nor do I even want, wireless support on the router. Can anyone please advise me on where to start, or what router might serve the purpose I need? Thanks very much.
TetraNitroCubane on
0
Posts
Crap, I guess you're right. I was told a long while ago that it was only a switch, but I guess it's a router I've just never configured properly. It's a Linksys BEFSR41.
Thanks for the help - though sorry for the ignorant question.
essentially a router is anything that talks to two or more different interfaces, which forwards traffic between them. A packet comes in on one interface, and the router has to decide:
In the Bad Old Days, you'd buy a Cisco 1600 router and its job would be to route IP between your two properties. IP was strange and exotic back then. The device would be nearly as large as a blade server is now, and it would have only two Ethernet ports, one for each network. Or it'd have one Ethernet port and one CSU/DSU for a T1 or DS1. Or Ethernet/Token Ring, or whatever you needed.
Now you can spend $40 on a device that performs seven separate functions:
If you're curious just about the firewall part, there are a couple of things to understand about security.
Computer security problems basically arise because computers can be tricked. They are gullible. In the worst case, your computer can be tricked into following someone else's instructions instead of your own, and these instructions can be very damaging.
A modern computer has lots of programs which talk to the network. These network-aware programs generally fall into two categories:
1) interactive clients: these work with the user to perform network tasks according to the user's instructions. These serve the user.
2) network services: these work with other machines on the network to offer computer resources to these other machines. These serve the network.
Network services generally work by receiving incoming connections from other computers and doing something with the request. When network services have bugs and flaws which make them gullible, this can create opportunities for people to do bad things to your computer by just talking to the computer -- not tricking the user in any way.
Interactive clients are usually only vulnerable when the user directs the client to talk to a malicious network host. The user didn't mean to tell their computer to let itself be tricked, but the computer is unfortunately tricked into doing something the user didn't want.
A basic router offers only two basic built-in security features:
Network address translation (NAT) will not allow random incoming traffic from the public Internet to reach your machine, unless you have left Universal Plug and Play (UPNP) enabled, or you have used port-forwarding or "DMZ" (ugh) features to manually direct incoming traffic to your computer. So network services can only be exploited from computers who don't need to traverse the router to reach your computer: anyone else connected to the "LAN" side of your computer.
Packet filtering can only differentiate between traffic which talks to different types of servers, because Internet convention is to have different types of servers use different port numbers for their services. You COULD run a web server that listens on port 21, for example, but that would be weird and users would have a little bit more trouble telling their computer to connect to you.
Unfortunately, because of this, you can use packet filtering to block unknown services by blocking port numbers which haven't been expressly allowed; and you can use packet filtering to block specific services you know that you don't want to use. Or you can block services in general, while allowing communication with those services only to specific hosts.
That's really pretty limited -- it does nearly nothing to prevent you from accidentally directing your computer to a site that tricks your computer. There are other methods you can use to protect yourself, and I recommend you also apply some of these if you want to be sure your computer stays secure.
You can make your computer more secure against attacks -- in the same way bullet-resistant armor makes you more "secure" against small arms fire -- by using antivirus and anti-malware software on your computer. This type of protection is not perfect: it operates by assuming that any threat your computer sees will already have been analyzed and defeated by your security product vendor. Eventually you will encounter a threat for which this is not true. You will eventually catch a bullet in the face, as it were, and modern malware is very good at making itself nearly impossible to remove from a running system.
So a good "security suite" helps protect you, but it isn't perfect.
Second, you can protect yourself by changing your browsing behavior, making it less likely that you will direct your computer to visit malicious sites. Use browser software and settings which strengthen it against attack. Be conscious of which types of content and subject matter will be financed by more legitimate or less legitimate sources, and avoid content that seems like to be offered only by criminals. Reduce your chances of visiting "typo" sites by using bookmarks and favorites for common sites, and when you must occasionally use the address bar, check the hostname part of the URL VERY CAREFULLY before submitting the URL. Stop installing adware-supported software.
Third, you can protect yourself by reducing the impact of a successful compromise. Buy spare hard disks and make backups, and keep the backups disconnected from your computer, so you can restore from a full system backup if your computer is compromised. Create and use multiple user accounts on your computer, using fast user switching if possible, and only do "unsafe" things using a low-priviledge user account.
Finally -- only do this if you're technical and you have computing resources to spare -- use a free version of VMware, or use Microsoft Virtual PC, and install multiple virtual machines. Anything that's known to be secure (nearly all Microsoft software, enterprise software, non-ad-supported games from legitimate sources, or anything that requires 3D acceleration) goes on the host OS like normal. Communication tools like email, your main web browser, instant messenging, etc. goes in one VM. Any other work domains (work for your employer, school, etc. where sudden system instability or data loss would be bad for your career) go in their own VMs. Finally any unsafe software, or software used for contact with unsafe network hosts (p2p, a web browser for unsafe sites, anonymizing software if you use it, etc.) goes in a VM that will NEVER be used to process any data you care about, especially anything personally identifable.
Security is a bigger [strike]program[/strike] problem than you can expect to be solved by a fancy, expensive router. If nothing else, security is an arms race -- attackers and defenders constantly defeating what the other does -- and any router you buy will only be able to protect you until someone finds a way to defeat its defenses. You need defense in depth.
Nothing wrong with your question.
XBL Michael Spencer || Wii 6007 6812 1605 7315 || PSN MichaelSpencerJr || Steam Michael_Spencer || Ham NOØK
QRZ || My last known GPS coordinates: FindU or APRS.fi (Car antenna feed line busted -- no ham radio for me X__X )