Do I need a hardware router?

Tutor

Do I need a hardware router?

I have a recently purchased  AirCard Sierra 881 installed on my laptop.  I do not currently have any other computers.  Tired of waiting for DSL to arrive I have just converted to wireless after being a long time dialup customer.

Should I be concerned about installing a hardware router or other type of hardware protection to protect my computer from being attacked from the net?  I have XP, SP-2 with all the updates.  I am using the MS provided Firewall and NOD32 for antivirus protection.
 
I am concerned that much like a cable connection, when I am logged on for extended periods that I have a fixed IP address that can be probed.  When I was using dialup, as I understand it, my IP address was changed at each login.  Right now I am assuming that the AT&T Network along with the laptop Firewall provides all the protection that I need.
 
Thoughts?
Message 1 of 6 (3,433 Views)
Master

Re: Do I need a hardware router?

AT&T does not have any firewall protection on their side.  Your only protection is what is on your computer.
 
With the Aircard in your laptop, there is no hardware firewall or other hardware protection that you can use.  A hardware firewall has to go in between the computer and the cable/DSL modem.  In your case the modem is the Aircard.  So the hardware firewall has to go in between the laptop and the Aircard.  Since you plugged the Aircard directly into the laptop, there's no where to "plug in" a hardware firewall.  You could put the Aircard in to certain models of hardware firewall that can take PC cards.  (i.e.: D-Link DIR451.)  But that is not a portable device; it must be plugged in to a AC outlet.  In general, you can't add any hardware security device on a laptop with a cellular card.
 
My laptop gets internet either from a Aircard or from Wi-Fi.  I use the Windows Firewall and AVG antivirus.  For basic websurfing, IMO, this is adequate.  You may want to also run a antispyware app, or get a "suite" like Norton 360 or similar, to give you AV, spyware and a (slightly) better firewall. Me personally. I like to keep the laptop "lightweight" and I don't like some of the heavy handed security suites, which is why I like AVG.  I believe that while the firewall and AV are adequate in most situations, your best protection is to not let your guard down.  Don't go to questionable websites, don't open weird email.  Get a Spam filter for your email, if you're using a program like Outlook or Outlook Express.  (Web based email is a little safer.)  Phishing and identity theft are as much of a concern than virus'.  Phishing and ID theft will probably come through email or other webpages and won't be stopped by firewalls, AV or changing IP addresses.  Think of it like a firewall is locking your car and AV is a arming your car alarm.  But if you park your car in a rough neighborhood, your hubcaps will still get stolen.  And none of that will protect you from having your windows broken.  Your protection is prevention.  Don't go to the bad neighborhood, don't go to the bad website.  (That's an oversimplification, but I hope you get the point.  Smiley Happy )
 
Summary, I think you're ok.  You might be able to add more security, but it would probably be software and not hardware.  Or add more security through "knowledge and vigilance." Beyond that, your only other protection is to not go on the internet.  But that's like leaving the car in the garage and not driving it.  You're gonna have to drive the car sometime, so just be a defensive driver.  (Defensive websurfer.  Smiley Wink  )
Message 2 of 6 (3,427 Views)
Mentor

Re: Do I need a hardware router?

Once again, I agree with asatoran.
 
Lightweight is where it's at. In order of importance;
 
* Common sense - Don't open attachments from e-mail. Full stop. The ONLY exception should be specific attachments which you are already expecting. Be careful with your personal information, don't order anything from spam e-mails... etc.
* AVG - Norton purely, truly blows - unless your goal is to grind your system to a crawl and periodically prevent you from accessing the internet.
* Firefox with AdBlock Plus - Once you surf with AdBlock Plus, you'll be blown away at how "clean" sites look. Firefox goes a LONG way to keeping the nasties away. Not necessarily because it's so awesome (which it is), but because most exploits are targetted for maximum spread - Internet Explorer users.
* Windows Firewall (or other software firewall) -
* Spybot Search & Destroy - It's free and can give you peace of mind to know whether you have picked anything up.
 
In regards to above, I don't even use anti-virus software, and I haven't picked up anything in over five years. Trust me when I say that it's all about opening e-mail attachments - as in, don't do it, even if it's from someone you know (many viruses spoof the "From" person).
 
coreyinoz
Message 3 of 6 (3,419 Views)
Tutor

Re: Do I need a hardware router?

Thank you to asatoran and coreyinoz for their responses.
 
The answers pretty much were along the lines of what I had been able to determine on my own.  I did want some reassurance that I was on the right track.
 
I do try to follow most of their guidelines, I get a little behind on my Spybot and NOD32 virus scans, not running them nearly as often as I should.  Most of my blatant spam gets stopped by Worldnet, the Nigerian banker slips through occasionally.
 
So it seems that if I continue to follow their guidelines and be careful of unsolicited email attachments and strange websites tht I should be reasonably safe.  Or at least as safe as anyone that travels about the web (staying out of Bad Neighborhoods) can be.
 
Thank you again, I hope this post and its replies were informative to others that had the same questions and concerns.
Message 4 of 6 (3,412 Views)

Re: Do I need a hardware router?

What do you mean AT&T uses no hardware firewall asatoran?? Have you ever done a port scan on your computer to see if it's secure or not? Have you ever tried doing a traceroute of packets back to yourself? If you're on the AT&T network with an aircard you're sitting behind a NAT stealthed and that is why you're unable to do any port forwarding because that firewall is blocking it. I just did a full port scan on mine and this was the result:

"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your sbystem as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice."



asatoran wrote:
AT&T does not have any firewall protection on their side.  Your only protection is what is on your computer.
 
With the Aircard in your laptop, there is no hardware firewall or other hardware protection that you can use.  A hardware firewall has to go in between the computer and the cable/DSL modem.  In your case the modem is the Aircard.  So the hardware firewall has to go in between the laptop and the Aircard.  Since you plugged the Aircard directly into the laptop, there's no where to "plug in" a hardware firewall.  You could put the Aircard in to certain models of hardware firewall that can take PC cards.  (i.e.: D-Link DIR451.)  But that is not a portable device; it must be plugged in to a AC outlet.  In general, you can't add any hardware security device on a laptop with a cellular card.
 
My laptop gets internet either from a Aircard or from Wi-Fi.  I use the Windows Firewall and AVG antivirus.  For basic websurfing, IMO, this is adequate.  You may want to also run a antispyware app, or get a "suite" like Norton 360 or similar, to give you AV, spyware and a (slightly) better firewall. Me personally. I like to keep the laptop "lightweight" and I don't like some of the heavy handed security suites, which is why I like AVG.  I believe that while the firewall and AV are adequate in most situations, your best protection is to not let your guard down.  Don't go to questionable websites, don't open weird email.  Get a Spam filter for your email, if you're using a program like Outlook or Outlook Express.  (Web based email is a little safer.)  Phishing and identity theft are as much of a concern than virus'.  Phishing and ID theft will probably come through email or other webpages and won't be stopped by firewalls, AV or changing IP addresses.  Think of it like a firewall is locking your car and AV is a arming your car alarm.  But if you park your car in a rough neighborhood, your hubcaps will still get stolen.  And none of that will protect you from having your windows broken.  Your protection is prevention.  Don't go to the bad neighborhood, don't go to the bad website.  (That's an oversimplification, but I hope you get the point.  Smiley Happy )
 
Summary, I think you're ok.  You might be able to add more security, but it would probably be software and not hardware.  Or add more security through "knowledge and vigilance." Beyond that, your only other protection is to not go on the internet.  But that's like leaving the car in the garage and not driving it.  You're gonna have to drive the car sometime, so just be a defensive driver.  (Defensive websurfer.  Smiley Wink  )




Message 5 of 6 (3,269 Views)
Highlighted
Master

Re: Do I need a hardware router?

Because NAT by itself is not a firewall.  While consumer grade "firewalls" use NAT as their primary form of protection, and in some cases, the only form of protection, a firewall should also include, but is not limited to, packet inspection and rules based policies.  Granted, NAT does a good job of preventing causal attacks, and for most people, this is sufficient.  But AFAIK, AT&T does not advertise it's use of NAT as a firewall service.
 
If you still think you do not need a firewall on your Aircard connected computer, consider this: the NAT you're referring to is to protect AT&T from the public internet.  This NAT does not protect you from another AT&T customer.  In a basic NAT configuration, all computers inside the firewall can connect to each other.  The firewall does NOT prevent access between computers on the "LAN."  Think of it like the firewall is your front door but all AT&T customers are your roommates.  The front door (firewall) doesn't prevent your roommate from entering your bedroom unless you lock your bedroom door.  So while AT&T may have other security mechanisms to prevent or reduce such internal access or attacks, AT&T does not adverise such protection.  (Probably would open up a bunch of marketing and legal issues that they wouldn't want to get in to.)  So without knowing how AT&T's routers are configured you cannot know if you are protected from other AT&T customers.
 
So while AT&T's use of NAT does give us some protection as a byproduct, firewall services are not guaranteed for AT&T data customers.  Simple answer: use your own firewall for any Aircard connected computer.
Message 6 of 6 (3,264 Views)
Share this topic
Announcements

Welcome to the AT&T Community Forums!!! Stop by the Community How-To section for tips on how to get started.