Skip to comments.
Does NAT Add Any Additional Security on my Wireless Router? (Tech Vanity)
5/21/2010
| Me
Posted on 05/22/2010 9:39:06 AM PDT by Dallas59
I have an old WRT54G wireless Linksys Router. All my computers go through this to connect to the net. I have access restriction turned on with a list of the MAC addresses of my 5 computers and IP range. Do I need NAT checked and does this add any extra security? At least 2 computers are being used at anytime by us. 3 use XP and the other 2 us W7. All have the Comodo Firewall.
TOPICS: Computers/Internet
KEYWORDS: internet; router; settings
1
posted on
05/22/2010 9:39:06 AM PDT
by
Dallas59
To: Dallas59
I run Comodo firewall on both the main pc (wired) and laptop (wireless) with Linksys router.
The Gibson Research Shields Up tests show my computers as stealth.
http://www.grc.com/su-firewalls.htm
2
posted on
05/22/2010 9:45:53 AM PDT
by
TomGuy
To: Dallas59
3
posted on
05/22/2010 9:47:00 AM PDT
by
Java4Jay
To: Dallas59
In a word, yes.
Network Address Translation adds security to your network and makes it "appear" as one ip address.
4
posted on
05/22/2010 9:47:51 AM PDT
by
red-dawg
(We have learned to stop terrorism on planes by ourselves, it's time to do that in D.C.)
To: Dallas59
Here is what my router info says
NAT Enabling
Before you enable this function, MAKE SURE YOU HAVE SET THE ADMINISTRATOR PASSWORD. Network Address Translation (NAT) is the method by which the router shares the single IP address assigned by your ISP with the computers on your network. Advanced users should only use this function. This function should only be used if your ISP assigns you multiple IP addresses or you need NAT disabled for an advanced system configuration. If you have a single IP address and you turn NAT off, the computers on your network will not be able to access the Internet. Other problems may also occur. Turning off NAT will disable your firewall functions.
5
posted on
05/22/2010 9:49:17 AM PDT
by
UB355
(Slower traffic keep right)
To: TomGuy
Mine does too. I live in an apartment complex with several wireless networks surrounding me. I get pArANoId about someone trying to leech into my network here at home.
6
posted on
05/22/2010 9:49:17 AM PDT
by
Dallas59
(President Robert Gibbs 2009-2013)
To: UB355
I’ve assigned each computer a different IP address. It’s a patchwork system. Two PC’s use Linksys wireless adapters and the other three use NETGear adapters.
7
posted on
05/22/2010 9:53:40 AM PDT
by
Dallas59
(President Robert Gibbs 2009-2013)
To: Dallas59
To: TomGuy
I think he’s wanting to secure his wireless router. Your links help him secure his PC, which should be done too.
9
posted on
05/22/2010 10:16:03 AM PDT
by
BigSkyFreeper
(In 2012: The Rookie and The Wookie get booted from the White House.)
To: Dallas59
Get off that Linksys firmware and get on DD-WRT!!
10
posted on
05/22/2010 10:44:24 AM PDT
by
Michael Barnes
(Call me when the bullets start flying.)
To: Dallas59
With that router (and most ISPs) you need NAT checked if you'll be using it to connect more than one device to the Internet.
NAT does add a layer of security in that your PC is not naked and exposed to the Internet-- some malware goes poking around looking for naked PCs with available IP ports that it can exploit.
Linksys even offered a one-port "router" (maybe they still do) which used NAT to put a bit of separation between the connected PC and the Internet. That means that if you run a scanner like on Gibson Research's site it won't be able to see your computer or poke at its ports.
But NAT while is a good idea, you should still be running a software firewall. And perhaps even more importantly run a good anti-virus/anti-malware utility like
Avast or
Microsoft Security Essentials (both free).
Encrypting your WiFi connection is also essential nowadays, and even legally required in some places like Germany. So, be sure that is turned on. Use WPA2 if your router and PC support it. But even WEP is better than nothing.
This all assumes you're running Windows. I'll spare you my editorial on the wisdom of that... ;-)
Is there some reason you would want to turn NAT off?
11
posted on
05/22/2010 10:51:48 AM PDT
by
RightOnTheLeftCoast
(Obama: running for re-election in '12 or running for Mahdi now? [http://en.wikipedia.org/wiki/Mahdi])
To: Dallas59
old WRT54G wireless Linksys Router.
I’ve got one of those too. Are you telling me it’s obsolete? Dang.
12
posted on
05/22/2010 11:05:32 AM PDT
by
DManA
To: RightOnTheLeftCoast
Didn’t know about it. I looked at the Networks around me and saw five new ones. Most are WEP but some are WPA2. Both of my Linksys adapters don’t have WPA2 (old.) The Linksys router has WPA2. looks like a trip to FRYS is on order.
13
posted on
05/22/2010 11:48:59 AM PDT
by
Dallas59
(President Robert Gibbs 2009-2013)
To: DManA
14
posted on
05/22/2010 11:49:32 AM PDT
by
Dallas59
(President Robert Gibbs 2009-2013)
To: DManA; Dallas59
"Ive got one of those too. Are you telling me its obsolete? Dang."
Don't worry too much about it. Unless you're trading in state secrets, any encryption (even lame ol' WEP) is good enough. The main thing you need to guard against is someone utilizing your bandwidth to deal in kiddie porn, terror planning or similar bad stuff. WEP can be cracked but it's unlikely that your average Bad Guy will bother. I'd just advise letting your router live its natural life and then replace it with a better one (such as the D-Link DIR-655) when the time comes.
But maybe you're concerned about something in particular. Post with a more detailed question or problem-statement if so. For example, WiFi encryption doesn't impact malware issues. NAT, as we've discussed, is a bit of help in that regard. But issues such as email privacy or financial-transaction security are more complex problems and require a multi-layered approach. So, let us know what's on your mind.
15
posted on
05/22/2010 12:38:39 PM PDT
by
RightOnTheLeftCoast
(Obama: running for re-election in '12 or running for Mahdi now? [http://en.wikipedia.org/wiki/Mahdi])
To: Dallas59
You ABSOLUTELY want to run NAT, and configure your home network to an odd-ball IP address like: 2.3.2.xxx with a mask of 255.255.255.128.
That same router has a Firewall function that should be turned on in ADDITION to your PC Firewalls.
16
posted on
05/22/2010 1:35:48 PM PDT
by
Mariner
(The first Presidential candidate to call for deportation, wins.)
To: RightOnTheLeftCoast
Thank you. No it’s been pretty trouble free.
17
posted on
05/22/2010 2:36:40 PM PDT
by
DManA
To: Dallas59
I use NAT. Many newer routers have it enabled by default.
I don't use use MAC address filtering -- it's easy to spoof. I don't hide my SSID because it actually decreases security. Neither do I disable DHCP.
You should enable SPI, though it's effectiveness depends on your router. Cheaper routers don't necessarily inspect the packet headers.
I spent an entire Saturday about six months ago trying to hack into my Wi-Fi with the latest and greatest tools. I couldn't do it.
For what it's worth, you can make a Windows system just as secure as a Linux or Mac system. I use Windows 7, Ubuntu, and Mandriva at home and am also testing Chrome OS builds. Each have their strengths and weaknesses. While there are a certainly a lot more attackers targetting Windows systems, security is ultimately the responsibility of the user.
To: Dallas59
Oops, I meant to say that I disable DHCP. Use static addresses instead and don't choose from the beginning of the range that your router supports. Hackers often hone in on common addresses like 192.168.0.1.
To: Dallas59
What revision is your router? I have the same model. Running on linksys firmware, I never “saw” the whole of all memory in the router. Plus, the linksys firmware is proven to run SLOWER than dd-wrt. If you have Rev. 03 like I do, there is 32MB of physical memory. Additionally, dd-wrt offers far better access lists for wireless based on MAC addresses. You can also set much stronger wireless encryption on dd-wrt than you can with linksys firmware.
http://www.dd-wrt.com/site/index
20
posted on
05/22/2010 4:23:13 PM PDT
by
Michael Barnes
(Call me when the bullets start flying.)
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson