Use of a router together with a DSL modem
GR
Enthusiast - Level 3

Hello Group,

I have some questions regarding the use of a Robotics 8054
router between a Westell 6100 DSL modem and my only PC.
Both connections are by cable. No wifi is used. The internet
service is provided by Verizon.

There is an antivirus  program, a spyware defense program
as well as the ZoneAlarm firewall installed on the PC.


I have access to and from the Internet for e-mail and surfing
with the router in place and ZoneAlarm turned off or on.

If however I try to download updates for the antivirus for example,
with ZoneAlarm turned on ( and the router turned on), Zone-
Alarm asks for permission to access the net. When I do the
same with ZoneAlarm turned off, no permission is asked and
the download proceeds.

There are therefore two questions which arise:
1.) How can I be sure that the router adds any security over
and above that of ZoneAlarm?

2.) How is the question whether to access the internet

resolved, when ZoneAlarm is off and only the router is between

the DSL modem and my PC?

Details which may be of interest are:
I went to 192.168.123.254 and set up as admin, providing
a password.
LAN IP Address is 192.168.123.254
LAN Subnet Mask is 255.255.255.0
DHSP Server is enabled.
Range Start 192.168.123.100
Range End  192.168.123.199
Obtain IP automatically (DHCP client) is checked.

Is there anybody who has answers?

Thank you,
GR.

0 Likes
Re: Use of a router together with a DSL modem
dslr595148
Community Leader
Community Leader
#1 Is this the free version OR one of the pay version(s)?

One example of the paid versions, is ZoneAlarm Pro.

http://www.portforward.com/english/softwarefw/ZoneAlarmPro/ZoneAlarmProindex.htm

^^

#2 Since wireless is not being used, did you turn off Wireless in the router?
Message Edited by dslr595148 on 06-27-2009 02:40 PM
0 Likes
Re: Use of a router together with a DSL modem
GR
Enthusiast - Level 3

Hello dslr....,

 

The ZoneAlarm firewall is the free version.

 

I have turned off the wireless feature in the router wizard.

 

In the meantime I also have checked the Westell 6100 Modem and it

is set in Bridge mode. I did not change that.

 

GR.

0 Likes
Re: Use of a router together with a DSL modem
dslr595148
Community Leader
Community Leader
Ok.

#1 From the net to you:

a) Your router protects you from traffic from the Internet.

b) Your software firewall protects you from traffic with-in the same LAN (applies that you are behind a NAT router that is in NAT mode, and applies that is other computers besides your own).

c) If you were not behind a router in NAT mode, your software firewall protects you from traffic from the Internet.

--

#2 From you to the net.

The software firewall tries to protect you software on your machine from "calling home".

b) And not one is perfect.

Source(s) that not one is perfect:

http://www.matousec.com/projects/proactive-security-challenge/

http://www.testmypcsecurity.com/view_results.html

#3 I know that you already have ZoneAlarm installed, but here is a tutorial that you may find interesting.

http://www.markusjansson.net/eza.html

PS. Some of the stuff, I already told you..
0 Likes
Re: Use of a router together with a DSL modem
GR
Enthusiast - Level 3

Hello dslr....,

Thanks for your explanations. I hope you do not mind if I
add more questions for you:

1.) You say the router protects me from traffic from the Internet.
How does the router provide this protection? Do I understand
correctly that it makes my PC invisible to the Wide Area Net?
If it does that, how can I call up webpages to be sent to me if
I am not visible?

2.) Since I am the only PC on the router and modem, I do not
need any protection from the Local Area Network. Is that true?

3.) Finally, since I do have a Local Area Network consisting of
one computer, do I really need the router or would the Network
Address Transformation of the modem itself not do the same
job? Going further, would the software firewall alone not do the
job equally well as the router or the modem in Network Trans-
formation mode?

I shall have to study the info on the links you provided before
I can go into the problem of traffic from my computer to the
Internet.

Thanks in the meantime
GR.

0 Likes
Re: Use of a router together with a DSL modem
GR
Enthusiast - Level 3

Hello again dslr...,

Now I have looked at the links which you suggested would
provide additional answers to my questions regarding
the use of a router between my PC and a Verizon DSL
modem. This question was, does a router or a modem
with its Net Address Transformation feature compare to
or be superior to a software firewall?

The first link
www.matousec.com/projects/proactive-security-challenge/
provides evaluations of a number of firewall software pro-
grams. Among the top rated are free versions and it appears
that Matousec's evaluations are indeed for some free versions,
even though a close inspection reveals that the free versions
seem to lack very important features available in for pay ver-
sions.

Unfortunately  the fire wall I chose, Zone-Alarm free has its
bigger and for pay brother, Zone-Alarm Pro listed as Not re-
commended.

What I did miss was a brief and understandable description
of how these software firewalls differ from routers or modems
with Network Adress Transformation as far as function and
performance are concerned.

The Matousec link also goes into Antivirus software. There is
a link
http://www.pc-support-help.com/antivirus-software-reviews/
index.php?kwd=con+anti%20virus%20software%20reviews
which tells us that the Paretologic antivirus program is excel-
lent. I had in fact installed a trial version of this program on my
internet PC and found it slowed operation to such an extent
that the PC became unusable and I had to uninstall it. While a
a lack of resources on my PC may have been the cause, this
does point to a lack of a concise description of what operating
systems and what hardware requirements apply in so many
of these ads and evaluations.

I found the link
http://www.testmypcsecurity.com/view_results.html
potentially interesting. It provides access to a large number of
test programs which one may download to test a given PC
for its ability to resist different kinds of attacks by mal- and
spyware. I did not allow any of these downloads. How is one
to be certain, that some of them at least, may not be designed
to place malware on one's machine?

Now to the last link you recommended. It is
http://www.markusjansson.net/eza.html
and interestingly it praises the ZoneAlarm firewall highly by
saying: ".....and install REAL firewall like ZoneAlarm". But this
is exactly the opposite of Matousec's evalution of ZoneAlarm
which in their words was "Not recommended". How then is one
to interpret the validity of these and other claims?

In summary it seems very difficult to find out what works and
what does not. Even an answer to such a simple question as:
"does a router or a modem with their Network Address Trans-
formation features replicate or improve upon a software fire-
wall does? is not to be found."

I wonder whether there are comments out there to my post.

GR.

0 Likes
Re: Use of a router together with a DSL modem
dslr595148
Community Leader
Community Leader
URL: http://www.dslreports.com/faq/13600

Title/Location: All FAQs » Verizon Online DSL FAQ » 4. Hardware » How do I use a router with the Westell 6100?

If you followed that, your modem is acting as a dumb modem.


@GR wrote:

Hello dslr....,

Thanks for your explanations. I hope you do not mind if I
add more questions for you:

1.) You say the router protects me from traffic from the Internet.
How does the router provide this protection? Do I understand
correctly that it makes my PC invisible to the Wide Area Net?
If it does that, how can I call up webpages to be sent to me if
I am not visible?





It appears the question is about both how TCP works, and also how NAT
routers work. Let me try explaining with an example.

Assume a home network with 2 computers, call them A and B. They connect
to the internet through a NAT router. Define "outbound" to be the
direction from the home to the internet, and "inbound" the other direction.

Normally, if computer A wants to connect to something on the internet
(for now, let's say a Google web page), A picks a TCP port it is not
using (let's say it picks 5678), and contacts Google at Google's port
80. Computer B also contacts Google; let's say the source port picked
by B is 6789. (How "random" the source port picks are is debatable;
suffice it to say A and B picked ports they were not already using.)

In the outbound direction the NAT router changes both A and B's IP
address to the router's assigned IP address, so from Google's point of
view it is being contacted by just one IP. However, it is being
contacted with two different source ports (6789 and 6789 in this
example), so two independent TCP connections are set up.

The router keeps track of the port numbers and IP addresses of these
connections, so that inbound traffic on these two connections will be
distinguished by the router (by the port numbers 6789 and 6789 in this
case). The incoming traffic for each connection is forwarded to A and B
appropriately and the two connections do not get intermixed.

The router keeps automatic track of the connections' source port for
computers A and B *only for connection that are initiated outbound*,
i.e., initiated by activity from A and B. It is because NAT routers
normally only allow connections to be initiated from the non-internet
side that they are so good at blocking unwanted internet probes.

If the user wants to accept traffic initiated from the *internet* side,
then the router needs to be configured to allow it. The most common
such kind of NAT router configuration is port forwarding.

I'll stop there and see if this was clear, and what further questions arise.




@GR wrote:


2.) Since I am the only PC on the router and modem, I do not
need any protection from the Local Area Network. Is that true?





I would still have a software firewall of some sort (at least inbound protection) anyways on your computer.

a) What if you think that wireless in the router is turned off, when it really turned on back your back?

Not the best example in the world, but read/listen to:

URL: http://www.grc.com/sn/SN-113.htm

Title/Location: Security Now! with Steve Gibson, Episode 113 for October 11, 2007: Roaming Authentication..

Where they talk about the H2WR54G, hardware version is rev. A, boot code is rev. 1.0, with the runtime of version 1.08...

b) What if you go to a hotel that offers Internet Access? Hate to break it to you, but usually in those area(s), it is really one big LAN.


@GR wrote:


3.) Finally, since I do have a Local Area Network consisting of
one computer, do I really need the router or would the Network
Address Transformation of the modem itself not do the same
job? Going further, would the software firewall alone not do the
job equally well as the router or the modem in Network Trans-
formation mode?




I am not sure, but I will use point to an example of why you might want to (or you may already have) put the modem into bridge mode (besides any FAQ dealing with modem combos and putting them into "bridge mode").

URL: http://www.dslreports.com/forum/r22488064-modemrouter-Westell-6100-DHCP-Lease-fails-to-renew-automatic

Title/Location: DSLR Forums » US Telco Support » Verizon » Verizon Online DSL » [modem/router] Westell 6100, DHCP Lease fails to renew automatic.

0 Likes
Re: Use of a router together with a DSL modem
GR
Enthusiast - Level 3

Hello again,

Thanks dslr. Your explanations in response to my question 1.)
by explaining how TCP and how NAT work are very lucid and
helpful.

Regarding your answer a) to my question 2.), it appears that you
responded as though my only PC was connected by wireless.
It is actually connected by cable. Therefore your considerations
regarding wireless being turned on accidentally in the router
would not really apply. For  a cable connection it would not
make any difference if it was turned on. True? In my case wire-
less is turned off in the router.

Regarding your answer b) to my question 2.). I do not need to
consider the case of connecting in a hotel or at Starbucks. I do
not own a portable and I can't afford to travel. I occasionally go
to Starbuck, but only to have coffee. I connect at home.

Now to question 3.). My DSL modem is in bridge mode. I have
done that, because one of the websites (it was Verizon's site
on Westel's 6100 modem) advised against having two NATs in
series. I have followed this advice without asking for a reason.

Back to your answer a) to my question 2.). In that answer you
give the link http://www.grc.com, a link I have visited in the
meantime and which I found very instructive. I ran the tests
for the security on PCs offered by that site. My setup passed
all tests, except the one related to the ability to have my PC

"pinged". Can you please go over what that means and what I can
do to pass this test.

GR.

0 Likes
Re: Use of a router together with a DSL modem
westom
Contributor - Level 1

@GR wrote:

 My setup passed all tests, except the one related to the ability to have my

 PC"pinged". Can you please go over what that means and what I can
do to pass this test.

GR.


This post will leave dsir595148 to continue explaining.  However an example of using PING and TRACERT to learn what exists and to find problems is demonstrated in another discussion here entitled "Verizon DSL Connection Problems" originally started by lorddonk.  Use those posted examples and the resulting solution to his problem to appreciate dsir595148's answer.

 

 

Message Edited by westom on 06-28-2009 04:05 PM
0 Likes
Re: Use of a router together with a DSL modem
dslr595148
Community Leader
Community Leader
Besides the post by westom. Even if you are not pingable, so what?

You are still trace route-able, and the server that you connect to knows your IP Address. As to why, they (the server that you connected to) know your IP Address, is because that is the way that is works.

---

If you really want to pass the test, fine...


If the screens of your router looks like the guide at

http://portforward.com/english/routers/firewalling/USRobotics/USR8054/DenyIn.htm

I am not sure, but I would believe if you do what they tell you to do, you will pass the test.
0 Likes