Sunday, November 21, 2010

Tech question (blegging)

I used to use Vonage. I stopped the service a year or more ago. But my internet connection still runs through the Vonage router before heading down the Ethernet line to my computer. It's not doing any harm, but I can't see that it's doing me any good, either. So the question is this: is there any advantage to having a router stand between the cable modem and the computer, when there is only one device (the computer) that the signal goes to? I ask because I heard once that a router acts as a kind of firewall, even if you don't need it for connecting multiple devices to your cable modem. True? Or should I unplug and bypass the old Vonage router and save myself the few watts of power it draws?

12 comments:

Eddie said...

It does have an internal firewall, so there is some added security. The question is whether or not that firewall is redundant with the OS or security software firewall you already have installed on you PC.

IMO, it doesn't really hurt.

Crash said...

I don't know about the Vonage router, specifically, but, yes, a router provides good security. But unless you use a Mac, like all the cool kids, you will need even more protection. I use a router and a Mac, no other security, and have NO problems. Year after year.

Steve H said...

I'm fairly certain the vonage adapter is actually a switch and provides no firewall.

The real question is which device is doing NAT or do you have an external IP. Easiest way to tell is to open a dos prompt (Start > Run - cmd) and type ipconfig. If your IP address starts with 192.168 it's NAT'ed.

Unplug from the vonage adapter and plug into the cable modem. Repeat the ipconfig steps. If it's still an internal address then the vonage adapter adds no security.

If you went from internal to external then you should keep the adapter. If they were both external then the vonage adapter is still not doing anything and is safe to remove.

Crash said...

The Steve H advice is what you should use.

Mark T said...

Steve H's advice is good.

I would just add/clarify: if your IP address starts with 192.168, then it is an "internal" address, one that is only good from within your own home network and by definition is behind at least some level of "firewall".

If it starts with other numbers, then your address is likely "external", which is to say your machine is directly accessible from the internet and you must use some other form of firewall or security to prevent intrusions and breaches.

Troy Ohlsson said...

ya what they said 8-)

It should provide a hardware firewall, which, as mentioned, won't hurt and could only help. Unless it is just a switch which is more like a hub, but a smart hub. I believe that a switch does not provide a hardware firewall.

Anonymous said...

The above comments are correct...but...

The router serves to allow or disallow access to ports. Simply having a router plugged in does not mean you have a firewall. Most routers (esp. those sold to home consumers at places like BestBuy) are configured with all ports opened. If that is the case, then what your IP address is, whether it is NAT'd (192.xxx.xxx.xxx) does not matter when it comes to security and protection.

I mention this only so that you don't feel any false sense of security. There is no difference between leaving your Vonage router online and just plugging into your cable modem except for a slight but barely noticeable performance hit.

Steve H said...

What anonymous said is actually not at all correct.

While it is true that all OUTGOING ports would be enabled regardless of NAT, if your machine is NATed by the router there is zero chance that INCOMING ports will be mapped to it unless you specifically configure the port forwarding for that to happen.

There are some exceptions to this, most notably if your machine is plugged into a DMZ port or VLAN in your router (unlikely), or some uPnP applications which some devices (not your computer) export.

Jacob said...

One good solution if you have an old PC that isn't being used is to turn it into a hardware firewall. Fairly easy to set up and install, visit http://sourceforge.net/apps/trac/ipcop/wiki for more information.

Lag said...

What Steve H has written is 100% correct. NAT provides a level of security for inbound traffic, so that's a good thing.

Steve, want a job? I'm hiring (network manager)! :-)

Yury said...

I also have a Vonage box -- I'm still a subscriber. I also agree with everything Steve H. said.

Additional thoughts, all of which are very subtle:
- your router, and possibly your cable modem, can do NAT; it might already be doing this translation
- the Vonage box introduces an additional point of failure, which is annoying if/when you have a problem
- the Vonage box uses electricity, which is wasteful
- the Vonage box introduces a microsend delay on all network traffic.

If you aren't using it, get rid of it.

Rakewell said...

Interestingly, when I tried the with/with router experiment, it did change, from 192.168... to 70.173.... I take that to man that, contrary to expectations, the Vonage device really is functioning as a router and provides at least some incoming protection. Since it doesn't seem to be hurting anything, I guess I'll just leave it as is.

Thanks for the advice, everyone. I have the best readers!