JorgeA, on 08 June 2010 - 03:45 PM, said:
Help me to understand. You wrote that your ports are not vulnerable to attack even if a hacker knows which services you're running on which ports. What function/application would it be, then, that is protecting your services, and wouldn't that be called the "firewall"?
No, that is called a carefully written service. For instance I'm running lighttpd (a webserver). Literally thousands of people have been examining the sourcecode, and the last known vulnerabilities have been fixed in 2007. So I dare to expose that server to the internet.
Btw, a firewall won't add any security. You can compare a router with a telephone exchange. An open port is then an extension number. Without extension numbers it's impossible to call a particular phone behind the exchange. But all phones can call out.
When a port is open a peddler could call and try to sell the service (your daughter) an ipod. Maybe it's not a good idea to open that port.
A firewall could be a telephonist, which decides whether or not to connect in incoming call to your daughter. A peddler will never reach your daughter, but her friends can call freely.
On the other hand, when a friend turns out to be a peddler, you'll have a drain in your bank account. In that case you'll need a 'deep packet inspecting firewall', ie a telephonist which listens to the conversation, and pulls the plug when something goes wrong. When your daughter is called by her Chinese friend, the 'deep packet inspecting firewall' won't work because it doesn't understand Chinese.
Because there are many languages a firewall can't do much to protect a weak service when a connection is already made. It can only listen to the conversation (which costs *lots* of CPU power) and hope it will recognize it when the conversation becomes evil. (And hope it's not a false positive).
So you should only forward calls to a bullet-proof service. Your mother-in-law. No way anybody could sell an ipod to her.
Finally, and to go back to the question that started this thread -- in your view, and knowing everything we've discovered about this Westell 6100F, would I need another device in order to adequately protect the various PCs (including or especially the Win98 systems), or is the 6100F enough?
Your Westell is fine. Summarizing:
- All NAT routers have the same inbound protection, which is strong.
- A firewall in a consumer router can give hardly any protection.
So another router would not add any safety. It could only give you more options to arrange your network, but seeing your questions I don't think your are waiting for more options.
Remember that I don't intend to network the various PCs to each other, necessarily.
You already have a network, in which the router is hardly involved. The router only assigns IP addresses to all PC's, and after that all traffic between the PC's is handled by the switch.