Broadband routers: security
There are two main types of security features available in broadband routers: Network Address Translation (NAT) and Stateful Packet Inspection (SPI).
SPI is a firewall technology that, instead of simply hiding an IP address from the Internet, looks at each individual packet for information such as its source and destination addresses and the protocol being used, and takes action based on a set of pre-established criteria. SPI can be used to prevent Denial of Service (DoS) attacks, since the contents within the packet are known.
SPI firewalls provide a greater level of security and, as a result, are generally more expensive than a NAT router. Firewalls give the administrator the ability to set up specific IP addresses or domain names that are accessible while refusing the rest (filtering). Firewalls may also allow remote access to the private network through the use of secure login procedures and authentication certificates (Virtual Private Networks, or VPNs). Firewalls are used to prevent DoS attacks and can use software to provide content filtering to deny access to unwanted Web sites. There are also extensive reporting capabilities, known as an Intrusion Detection System.
DMZ and Port Forwarding
Many routers allow a single computer (usually a server) to be placed in a Demilitarised Zone, or DMZ. A DMZ lets you designate one of the devices attached to the router as not protected by it. This allows the use of a few servers that are publicly available from the Internet alongside a local network of machines that are protected by the router. It's not a feature that sees a lot of use in the home environment; it is more common in business settings.
Port forwarding is not really a security feature, but rather a way to get around some of the limitations imposed by the security provided by NAT. When another computer attempts to talk to yours, it connects via a certain port. Various ports have been defined for particular uses, and others are for general use; for instance, if you run a Web server to make Web pages available to the Internet from your computer, other computers will typically attempt to connect to yours on port 80. However, if the machine with the modem is running a firewall, port 80 will generally be blocked. Port forwarding refers to a firewall's ability to forward requests that arrive on a given port to a different computer on the local network that is running a server.
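The inbound decisions described above (replies to connections started from the LAN, port forwarding, the DMZ host, and everything else) can be modelled in a few lines. This is an added example, not part of the original article: the class, addresses and ports are constructed for illustration, and matching replies on the remote address and port is a simplifying assumption that not all real routers share.

```python
# Toy model of a NAT router's inbound decision (added example).
# All names, addresses and ports are constructed for illustration.

class NatRouter:
    def __init__(self, dmz_host=None):
        self.dmz_host = dmz_host   # LAN host exposed to otherwise-unmatched traffic
        self.forwards = {}         # (proto, public_port) -> (lan_ip, lan_port)
        self.flows = {}            # (proto, public_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.next_port = 40000     # next public source port to hand out

    def add_forward(self, proto, public_port, lan_ip, lan_port):
        self.forwards[(proto, public_port)] = (lan_ip, lan_port)

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: record the flow, return the public port."""
        public_port = self.next_port
        self.next_port += 1
        self.flows[(proto, public_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return public_port

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Return (reason, (lan_ip, lan_port)) for an Internet packet, or None if dropped."""
        # 1. Reply belonging to a connection a LAN host started.
        flow = self.flows.get((proto, public_port, remote_ip, remote_port))
        if flow:
            return ("established", flow)
        # 2. Explicit port-forwarding rule for this public port.
        rule = self.forwards.get((proto, public_port))
        if rule:
            return ("forwarded", rule)
        # 3. The DMZ host receives everything else, on the same port, unprotected.
        if self.dmz_host:
            return ("dmz", (self.dmz_host, public_port))
        # 4. No state, no rule, no DMZ host: unsolicited traffic is dropped.
        return None


def demo():
    r = NatRouter()
    r.add_forward("tcp", 80, "192.168.1.20", 8080)   # Web server on the LAN
    p = r.outbound("tcp", "192.168.1.5", 51000, "198.51.100.7", 443)
    return {
        "reply": r.inbound("tcp", "198.51.100.7", 443, p),
        "web": r.inbound("tcp", "198.51.100.99", 33333, 80),
        "unsolicited": r.inbound("tcp", "198.51.100.99", 33333, 22),
        "other_host": r.inbound("tcp", "198.51.100.99", 443, p),
    }
```

Every forwarding rule and the DMZ setting widen what reaches the LAN, so each entry in `forwards` is worth reviewing as deliberately exposed surface.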
What will work, and what won't?
The quick answer is that almost everything you currently use on the Internet should work, with little or no reconfiguration. A few applications have been known to cause problems, the most difficult being video chat applications such as Microsoft's NetMeeting and Yahoo Instant Messenger's video chat, which use the H.323 protocol. It's possible to make them work in a limited sense using port forwarding, which generally allows you to send but not receive video calls. Another problematic application is DCC chat and file transfer within IRC, but that's usually remedied by changing a few settings in your IRC client. Online gaming is another possible problem area; however, it's becoming very common for the support sites for these games to offer port forwarding settings that allow the games to operate normally behind a firewall. Firewall support is becoming better and better as firewalls and gateways become increasingly popular.









