Hardware Firewall Setup Tips
Firewalls monitor traffic coming into your computer, and most also monitor traffic going out.
Hardware firewalls (most routers today include a hardware firewall) filter incoming traffic but cannot do a good job on outbound traffic because they don't know a good program from a bad one. Software firewalls can determine, with your help, good from bad programs. It is essential to have a software firewall (to take care of outbound traffic) even if you have a hardware firewall.
Software firewalls typically have a preset list of good programs that are installed. When a program that is not on the firewall's white (good) list makes a request, the firewall asks whether it should allow the program to communicate with the internet, and you usually answer yes (unless you do not know the program that started the request).
Another advantage of using a hardware firewall is that it hides your local area network (or, if you're using one computer, that computer) from the outside. To the outside world, your computers look like a piece of hardware that does not run any operating system, such as Windows. Hiding the computers like this is called NAT (network address translation). Note that this does not stop viruses from entering the system via email. The hardware firewall is another roadblock against hackers.
At this time we do not recommend using hardware firewalls that have the new wireless N (802.11n) capability because the standard has not been finalized. This may cause wireless equipment bought today to be obsolete or incompatible when the 802.11n standard is finished. The final version is expected to be ratified in 2008.
We have used the Linksys WRT54G with great success.
Our Recommendation
Not every hardware firewall will have these options.
Update Router Firmware
After installing a router, download the latest firmware from the vendor's site. Frequently, while a router (or any piece of PC hardware that uses firmware) sits on a store shelf, the vendor releases newer firmware. Security updates, bug fixes, and additional features are reasons for firmware upgrades.
Check every month for new firmware releases. For example, the WRT54G v1.1 has had 16 firmware releases since its initial release.
Disable UPnP
Most programs do not use UPnP so it is best to disable it.
Disable Remote Management
Unless you plan to manage your router remotely, disable remote management. All a hacker needs is your IP address and administrator password to break in.
Change Administrator Password
The default administrator password is well known to hackers, so it behooves you to change it.
Disable Port 113
Port 113, or IDENT, is a port used for user identification. Most applications do not use this port and it is deemed pretty much useless so disabling it should not cause a problem.
Disable WAN Ping Response
Hackers try to see if a computer's IP address is valid by pinging, or asking (See ICMP), a computer to respond. The hardware firewall can detect this and not respond; thus the hacker thinks the computer doesn't exist.
- Linksys routers - Check the 'Block Anonymous Internet Requests' checkbox.