Hardware firewalls


grow45
7th Jan 2005, 09:31
I currently run one PC with Windows XP Home with a second one arriving shortly. To take advantage of my Telewest broadband connection I plan to instal a wireless router and think I understand how to do this. At present the existing PC has AVG anti virus and a Zone Alarm firewall and I would plan to do the same with the new one. However I keep seeing references to the router having a hardware firewall. Could somebody explain how this works and whether I would still need Zone Alarm or does the hardware replace this?

Thanks

g45

The Nr Fairy
7th Jan 2005, 09:38
The "hardware" firewall would be running software which checks all packets from the Internet, and decides if they're related to packets sent out by your computers. If they are, then you can allow them - if they're unsolicited, you can block them. You can also control the types of connections from your computers which are allowed out.

Some would say the hardware firewall replaces ZoneAlarm.

I would say keep ZoneAlarm, and configure the hardware firewall to disallow ALL incoming connections, and ALLOW ONLY connections of the types you'd like, for example web traffic, Instant Messaging (MSN/AOL and the like) and any others.

Why ? The hardware firewall will stop any attempts to access your network from the Internet. However, spyware / malware / adware on your PC may try to connect to sites from your PC - and ZoneAlarm will stop that.
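
The filtering described in the post above, sketched as an added example that is not part of the original thread or any router's actual firmware. It assumes a LAN of 192.168.0.x, an outbound allow-list of ports 80 and 443, and constructed sample packets; real routers also do NAT, track TCP state and expire idle flows.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFirewall:
    """Toy router firewall: default-deny inbound, allow-listed outbound."""

    def __init__(self, lan_prefix, allowed_out_ports):
        self.lan_prefix = lan_prefix                 # assumed LAN range, e.g. "192.168.0."
        self.allowed_out_ports = set(allowed_out_ports)
        self.flows = set()                           # (lan_ip, lan_port, remote_ip, remote_port)

    def _is_lan(self, ip):
        return ip.startswith(self.lan_prefix)

    def filter(self, pkt):
        if self._is_lan(pkt.src) and not self._is_lan(pkt.dst):
            # Outbound: only the connection types we chose to allow.
            if pkt.dport not in self.allowed_out_ports:
                return "DROP"
            # Remember the flow so that its replies can be recognised.
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        if self._is_lan(pkt.dst) and not self._is_lan(pkt.src):
            # Inbound: accept only if it mirrors a flow a LAN host opened.
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "ACCEPT" if key in self.flows else "DROP"
        return "DROP"

def run_demo():
    fw = StatefulFirewall("192.168.0.", allowed_out_ports=[80, 443])
    packets = [  # constructed sample traffic (documentation address ranges)
        Packet("192.168.0.10", 50000, "198.51.100.7", 80),    # PC opens a web page
        Packet("198.51.100.7", 80, "192.168.0.10", 50000),    # the server's reply
        Packet("203.0.113.9", 4444, "192.168.0.10", 445),     # unsolicited probe
        Packet("198.51.100.7", 80, "192.168.0.10", 50001),    # known server, unknown flow
        Packet("192.168.0.10", 50002, "203.0.113.9", 6667),   # port not on the allow-list
    ]
    return [fw.filter(p) for p in packets]

if __name__ == "__main__":
    print(run_demo())
```

The fourth packet is dropped even though it comes from a server the PC has already talked to, because the match is on the whole flow and not just the remote address.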

goates
7th Jan 2005, 14:33
What Nr Fairy said.

Hardware firewalls are also great when it comes to setting up a new computer, as you don't have to worry about some virus sneaking onto your computer before you get all of your firewall and anti-virus software installed. Not such a big deal with WinXP SP2, but not everyone installs that yet.

After that, the software firewall will keep things like key loggers from phoning home. Consumer level routers with built in firewalls just assume anything coming from your PC that is going to the internet is legit and will not stop it.

goates

Mac the Knife
7th Jan 2005, 20:11
Dig that old PC* out of the closet and install Freesco [ http://www.freesco.org/ ] on it. Freesco is a tiny free Linux distro (runs off a stiffy) that does firewalling and NAT. Ridiculously easy to install and setup. FREESCO (stands for FREE ciSCO) is a free replacement for commercial routers supporting up to 10 ethernet/arcnet/token_ring/arlan network cards and up to 10 modems. Web control panel. Been using it for a couple of years now facing the Net for my home network and no intrusions (lots of tries though!)

* Pentium class better (you can use a PCI network card), but 386/486 possible. 8MB RAM suggested, Serial port must have a 16550A UART (8250A/B won't work) if you're using a modem.

Memetic
8th Jan 2005, 00:00
Have a look at smoothwall for another Linux based firewall, boots from CD, easy to configure.

http://www.smoothwall.org/

As Mac says, a good use for an old PC - anyone need an old PC, they seem to be breeding here...

Tuba Mirum
8th Jan 2005, 08:09
My own interpretation of an appropriate hardware firewall solution for the home user is the firewall functionality provided in such routers as the Netgear DG834G - I mention this one because it's the one I use, but no doubt others on the market also have this functionality.

Businesses and other organisations have security requirements that the home user doesn't - for instance, multiple security domains (one for publicly available Web servers, one for the corporate network); provision of remote access for staff/business partners; and sophisticated "stateful inspection" filtering.

Most home users, I think it's fair to say, have no requirement to allow inbound sessions, and only have the one security domain, as they typically have their web site hosted by their ISP.

So while I imagine that things like Freesco and smoothwall are excellent products and an interesting way of using an old PC (you mean anything these days will work in 8MB?!), I can't help wondering whether home broadband users - at least those with multiple connected PCs - would be better off looking for firewall functionality in an ADSL router.

The Nr Fairy
9th Jan 2005, 11:17
I use a DG834G. At the moment, it's set to block all inbound connections, and allow all outbound ones - the reason for this variance with my advice above is that FTP breaks and I can't be arsed playing about with passive FTP - why Netgear can't do a reasonable job of FTP I don't know !

I have ZoneAlarm on both my own PCs - the work one has some Symantec crap !