dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
3473
andyv420
join:2005-02-06

andyv420

Member

Linksys: NAT vs. SPI???

Hello -I am new here.

I have a problem with deciding on which has better firewall capabilities? The two are the BEFSR41 and the BEFSX41. I am on a standalone PC using DSL connection. I know the first one uses NAT and the second one uses the more advanced SPI firewall. All I want to know which will provide me with more security for my PC? I do not want to use an additional software firewall as there pop-up alerts are really annoying. I just tend to use only a router.

I am really confused on which one to get. Please help.

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN
·Carry Telecom
·TekSavvy Cable
Asus GT-AX11000
Technicolor TC4400

2 edits

Dustyn

Premium Member

BEFSX41 if you want the VPN connections and SPI capabilities.
An excellent firewall.

In terms of which one will provide you with more security?
I'd have to say the BEFSX41 since it has *SPI.

*Although how much of a difference in security compared to a regular NAT router... I don't know. I have used both routers you've mentionand and I would choose the BEFSX41 over the BEFSR41 any day. It's what I use today. No extra software needed!
andyv420
join:2005-02-06

andyv420

Member

GREAT!!!!! So I'll go to down to my local PC store and buy it.

I think its great since I dont want to use an additional software firewall. So this router ADDS FULL firewall features all in one without having me to install another software firewall.

Cool!!!!! Its a bit pricey but its worth it.

Also, is the same physical setup as the BEFSR41????

And just out of curiousity here,, Currently right now Im running Sygate FREE Version, does it have SPI capabilities?

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN
·Carry Telecom
·TekSavvy Cable
Asus GT-AX11000
Technicolor TC4400

4 edits

Dustyn

Premium Member

Errrr.... just a second.
What I mean by "no extra software needed!" was that you don't need any additional software when settings up your router. You can just use the web interface option instead. It's the same setup as the BEFSR41, yes.

If you want outbound protection, then you may wish to consider purchasing or downloading a free software firewall. But yeah, the BEFSX41 should be enough if you are not concerned about unauthorized outbound connections. This would only happen if you accidentally downloaded spyware or something malicious. If the user is security conscious and knows what he/she is doing on there end... your only concern is the inbound protection. This is where the BEFSX41 comes into play. But if other people use your PC and download software and visit all sorts of sites, then an outbound firewall is a good idea in case something malicious was unintentionally downloaded and installed.
andyv420
join:2005-02-06

andyv420

Member

Nahhhhhh................. I do not tend to go on those .....you know.... sites. No way. I just only use the PC for email and basic surfing thats all. I do not even run an AV software because 1. I use a web-based email and 2. I do not download attachments at all. And only plain text messages are selected so bad coding could be injected with outbound traffic.

SPeaking of using SPI, does Sygate FREE version use SPI???

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN
·Carry Telecom
·TekSavvy Cable
Asus GT-AX11000
Technicolor TC4400

3 edits

Dustyn

Premium Member

You should be fine with just the BEFSX41. I'm not however saying that an outbound firewall isn't a "good idea"... *just in case I get flamed*.
As for the Sygate offering SPI... I think so?... but not 100%. Maybe someone else will care to chime in?

My setup is a Linksys BEFSX41-CA v.2 with Windows XP Firewall. I use Spyware Blaster, Ad-Aware, Spybot S&D with TeaTimer, along with Avast4Home and I have NEVER had any spyware, adware or viruses make it's way onto my rig. Nothing malicious of any type. No hi-jacking...anything.

*YOU CAN NEVER HAVE 2 MUCH PROTECTION!*

I am security conscious, and I'm the only one who uses "MY" computer.
andyv420
join:2005-02-06

1 edit

andyv420

Member

I meant BAD coding could not be injected. Im sorry. Typo.

Also, I would like to ask you, since I will be using the PC for Email and basic Internet surfing, what settings in the BEFSX41 should I Enable or Disable to be EXTRA or ALL stealthed when I scan on the Sheild UP website www.grc.com

Of course, I will not be using the VPN functions since Im on a standalone PC. Thats really uneeded.

Please advise.

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN
·Carry Telecom
·TekSavvy Cable
Asus GT-AX11000
Technicolor TC4400

3 edits

Dustyn

Premium Member

As soon as you plug in the router the BEFSX41 will load the default settings for the firewall. These settings are HIGH. It will report ALL ports as stealth on GRC. Even the IDENT port! 115? EVERYTHING will be stealth.

The default firewall settings are pretty tight and it's what I use. The only thing you'll have to modify is the routers time zone so it can fetch it's time off of the time servers, enter in your ISP info, and then change the routers password.

EDIT: UPNP... you may need to ENABLE it... but I leave it disabled as I have no use for it and it CAN be a security hazard.
Dustyn

4 edits

Dustyn to andyv420

Premium Member

to andyv420
The firmware that came pre-installed on my BEFSX41-CA v.2 router is 1.50.18. Yours may come with an older version like 1.45.6 or 1.45.7 if you buy the BEFSX41 v.1. 1.50.18 is the latest for BEFSX41-CA v.2... but the latest firmware can be applied to either VERSION of the router. Most people will comment on how the 1.45.7 is the BEST version to have.
It is for some and not for others...

*done editing*
andyv420
join:2005-02-06

1 edit

andyv420 to Dustyn

Member

to Dustyn
No no no no ....Bad idea to Enable the UPnP. I heard that there is a vulnerability when the UPnP is enabled.

See here:
»grc.com/unpnp/unpnp.htm

Oh and before I forget. Incase the CAT-5 UTP cable is not provided in the box, will it be OK to use the one cable that came with the BEFSR41 router? (The one router I use to have)

And when I buy this type of router, what should I look on the box as far as firmware or version number? What version or firmware should I get. And where would it say on the box?

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN
·Carry Telecom
·TekSavvy Cable
Asus GT-AX11000
Technicolor TC4400

2 edits

Dustyn

Premium Member

Good call on the UPNP. I personally DO NOT use it and have it disabled in my router. It's just that some people will find it useful when using P2P programs or chat programs. That's the only reason I mentioned it in case you find you may need it down the road.

Yes, the cable that came with your BEFSR41 is fine to use. Even a CAT4 cable will still obtain a 100.0 Mbps connection. More than likely your old one is a CAT5 cable. My BEFSX41-CA v.2 came with a CAT5 cable. But I opted out of using it as I have a CAT5e cable.

EDIT: If you can find the version 2 of this router... it will show on the picture of the box a TOTAL of 7 lights. the old one had I think 15 lights. The only real significant differences between v.1 and v.2 is the firmware and the cosmetic design. Possibly along with newer internal components.... I don't know. If you want the one with all the extra lights... get that one... you can still update the firmware if *needed* to 1.50.11. I DO NOT recommend this if 1.45.6 or 1.45.7 is working properly. If you want the one with the updated firmware and design, get the v.2.

In all actuality... there is no real difference between the two.
andyv420
join:2005-02-06

2 edits

andyv420

Member

Even Im taking a Networking class, Im still rusty at making RJ45 wires. I know how to optimize the colors, but Im too clumsy at it But are you sure it comes with a cable???

So, on the box, what version or firmware should I get or look for??? Please advise.

And do I need the VPN settings or not? Like I said, no networked PCs here, just standalone.

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN
·Carry Telecom
·TekSavvy Cable
Asus GT-AX11000
Technicolor TC4400

4 edits

Dustyn

Premium Member

The BEFSX41-CA v2 comes WITH a cable included.
The BEFSX41-CA v1 does NOT come with a cable.


They BOTH came with cabling.

It will usually indicate on the side panel of the box if it has one or not.

The firmware will NOT be shown on the box.
But the VERSION of the router WILL.
If you get the BEFSX41... it will more the likely be a 1.45.x where (x) represents ? number. The BEFSX41v2 comes with 1.50.11.

On the BOTTOM of the box you will see in VERY VERY VERY TINY print underneath the bar-code if it's a version 2. It will say: BEFSX41-CA v2. An EASIER way is just to see if the picture shows 7 lights or not. 7 lights: BEFSX41 v2, 18 lights, v1.

VPN?.... no.
andyv420
join:2005-02-06

andyv420

Member

Incase its Version 1.0 then should I still get it? I really want this.

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN
·Carry Telecom
·TekSavvy Cable
Asus GT-AX11000
Technicolor TC4400

4 edits

Dustyn

Premium Member

Yes. Like I said... the only real diference is "cosmetic appearance".

V1: more lights, slightly older firmware, older hardware.
V2: less lights, up to date firmware, newer hardware.

andyv420 See Profile the version thing? It's no big deal. Just get whatever one you can find. The firmware is probably the only thing that's of ANY importance which can be EASILY updated... ONLY IF NEEDED. 1.50.11 is a bit buggy. The older firmwares are pretty rock solid.

Just get whatever one you see that is a BEFSX41. They are one in the same.
andyv420
join:2005-02-06

andyv420

Member

You rock, thanks for the input. That was quick. This forum rules. I just joined like an hour ago.

Aslo agaim and Im soryy for all these silly questions, is my main concern here. Im using a PPPoe connection type. Will this router (BEFSX41) have PPPoe option to select?

I hope so.

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN
·Carry Telecom
·TekSavvy Cable
Asus GT-AX11000
Technicolor TC4400

1 edit

Dustyn

Premium Member

said by andyv420:

You rock, thanks for the input. That was quick. This forum rules. I just joined like an hour ago.

Aslo agaim and Im soryy for all these silly questions, is my main concern here. Im using a PPPoe connection type. Will this router (BEFSX41) have PPPoe option to select?

I hope so.
hehehehe.... thanks. I'm glad SOMEONE thinks so. And on behalf of Broad Band Reports...WELCOME!

heh... don't be sorry in asking. There are no stupid questions. As for the router having a PPPoE connection, yes it indeed does have that option along with others.

Good luck andyv420 See Profile!

You're welcome anytime!
andyv420
join:2005-02-06

andyv420

Member

Should the firmware be very important to me or not?

And what do you like better as far as Version# and firmware?

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN
·Carry Telecom
·TekSavvy Cable
Asus GT-AX11000
Technicolor TC4400

4 edits

Dustyn

Premium Member

For the BEFSX41... version number is irellivant. They are both the same. Only difference is cosmetic.

Take a look at this thread:
»[wired] Recap: BEFSX41 Stable Firmware

*My personal preference is using the latest firmware since it CAME with my router. But 1.45.7 is the most STABLE.

Good luck,
Signing off for tonight,
~Steele Wolf~

Instant message Flogator See Profile if you have more concerns of questions. He is the Linksys guru! Just click beside his name and you'll be brought to his page where you can IM him.

black knight
Premium Member
join:2004-06-22
Oxford, CT

1 edit

black knight to andyv420

Premium Member

to andyv420
Hi AndyV420

May I just Give you My 2 cents. You might want to Consider the linksys WRT-54G/GS. There are several advantages to this unit. First Wireless capability, And most of All the Ability to run 3Rd party Software. These add functionality and Can Maybe help With any possible Problems you might have. Also I realize that you have only one unit, But in the Future you Might want a laptop and with the WRT-54 series You already have Wireless,no Need to Buy a New unit. Just takes one Click to activate the wireless portion.
On another note IMO You really Should consider a software Firewall as well. E-mail can bring Malware just as well as web surfing. The router or Windows firewall Will not stop a Baddy from phoning Home. Same goes for AV.

Good luck with what ever you decide

gracie7
Geek Goddess
Premium Member
join:2003-07-15
confusion

gracie7 to andyv420

Premium Member

to andyv420
said by andyv420:

I think its great since I dont want to use an additional software firewall. So this router ADDS FULL firewall features all in one without having me to install another software firewall.
i understand that you feel you are safe because you don't go on "those" sites, but i strongly second the recommendations that you run a software firewall to protect against OUTGOING nastiness. there are free alternatives that take up relatively little processing power and provide that extra (and imho, necessary) level of protection.
andyv420
join:2005-02-06

andyv420

Member

Even all of my uneeded or "bad" services are all DISABLED. I use Firefox, and the Windows 2000 reg key (LSA) is on "2"

To be honest, I do not like to run these softeare. They interefere or could mess up the system.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

1 edit

Anav to andyv420

Premium Member

to andyv420
Its ironic that with such a limited knowledge of security you are willing to poo poo the notion of a SW firewall and even worse not even bother using an AV. This thread is a joke.

To test if its really SPI, just turn NAT off and see if your still protected by the firewall. As for Linksy wrt54GS, it roks spec wise, gobs of ram and a really hot processor for the home segment. Also with third party software support it has no limits. The only problem is that the LAN and WAN are on the same interface (a bad cost cutting decision, and thus there may be circumstances - reboot - that one is directly connected to the net.
This unit is definitely recommended if you want to use it just as an AP, if you want also want to use it as a router, do it with the caveat that there are on some steps to take to avoid the design flaw. It does have a true SPI firewall (throughput with firewall off is 30+Mbps and with the SPI firewall on more like in the 8Mbps region).

keith2468
Premium Member
join:2001-02-03
Winnipeg, MB

keith2468 to andyv420

Premium Member

to andyv420
This can be a complex subject, depending on what you and others are using your computer for.

If you depend on the computer for work or school this is worth reading: »Security »When is an NAT router inadequate protection?
andyv420
join:2005-02-06

andyv420

Member

Security is Common Sense. Its you. Even I do not rely on the best AV software out there. Its all common sense. I onlyscan for viruses when some major hardware changes or a clean OS install takes place.
damox
Premium Member
join:2002-01-07
Olympia, WA

damox to andyv420

Premium Member

to andyv420
I don't know . . . maybe I'm not understanding something here, but the BEFSX41 is both a broadband router and a firewall. As a router it has built-in Network Address Translation. As a firewall it has the SPI capability. The BEFSR41 is a broadband router that has built-in Network Address Translation. It seems pretty clear to me that the BEFSX41 would be more secure (unless it has some major security holes) by virtue of the fact that it is both a router and a firewall. I have been using the BEFSX41 for a couple of years and it seems to be doing a great job.

Those are my thoughts and I'm sticking to them!

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN

Dustyn

Premium Member

You are correct. The BEFSR41 is a NAT router while the BEFSX41 offers NAT and SPI.

I too own, and would choose the BEFSX41 over the BEFSR41.

gracie7
Geek Goddess
Premium Member
join:2003-07-15
confusion

gracie7

Premium Member

said by Dustyn:

I too own, and would choose the BEFSX41 over the BEFSR41.
or my SMC barricades, NAT, SPI, very configurable (i personally find it more so than the linkies) and VPN. sweet.

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN

Dustyn

Premium Member

Yeah, I haven't tried the SMC barricades... It was one of my choices at the time of purchase, but, Linksys won out.

It's what I'm most comfortable with and gives me little trouble.
andyv420
join:2005-02-06

andyv420

Member

Follow up

Well I got it and it works great. I had one issue with it but now its all resolved.

It rules.