My tech guru says that if

I use encryption in my router I don't need a firewall. What's the real story? Even if I don't need it, I will probably keep it 'cause it gives a good concept of wtf is really going on. (R)

If everyone drove safely on the roadways then seatbelts would not be needed. A few years back I didn’t look well enough at a stop sign, and the semi truck driver was speeding. My vehicle lost the battle. Sure glad that I was using a seatbelt. I could have ended up like this guy.


I would say use the firewall.

There are lots of threads to search here and elsewhere on routers with a software firewall, for example. If he really said exactly that with no explanation, you may need a new guru. :wink: Don’t know what he means by using encryption in your router. Encryption secures your communication, but doesn’t stop malware. What a typical router does is NAT, Network Address Translation (see Wikipedia), which does a pretty good job of blocking attempted inbound connects. A hardware or software firewall for inbound can refine that a bit, and give information on what is being blocked. The real virtue of a software firewall is that it can monitor outbound traffic and keep programs from calling home or doing malicious activities. And CFP3 provides a HIPS (Host Intrusion Prevention System, again Wikipedia) that controls and monitors the activities of your applications. This means that if you have inadvertently picked up some malware, you can see and stop it before it sends out your private data or reproduces itself by spamming your address book or does some other malicious act like overwriting your disk. Virus scanners are not 100%, and even purchased software has been found to contain trojans and such. So browse a few threads on the subject and try to get a feeling for what additional protection is provided; most of the users of software firewalls are also using NAT routers. :slight_smile:

Yeah, I was also wondering about the router “encrypting” anything… :SMLR. And as Sded said, SSL connections (which your router cannot generate; it’s not its role) don’t protect against viruses at all. Although you’re not very likely to download a virus over HTTPS, as you most likely know and trust the site you’re connected to when it’s on a secure connection (it remains that anti-virus web shields are lost on HTTPS, as they can’t read the data).

My guess… “encrypted” regarding router will refer to a WiFi router, where STRONG encryption is an absolute necessity to ensure your WiFi isn’t subject to exploitation by wardrivers, malicious neighbors, curious script kiddies, and so on.

Most hardware firewalls such as are commonly found in consumer-grade routers are SPI (stateful packet inspection), meaning that they examine each inbound packet to see if it’s in response to a previous outbound packet, and check packet integrity to make sure they are what they say they are.

The NAT functionality (also common to these devices) simply means that on your side of the router is a different IP address than on the world’s side. So the world sees the IP address assigned by your ISP; your computer has a different, non-routable IP address (i.e., only usable across a network, rather than the internet). Thus if you open a command prompt and type “ipconfig /all” (no quotes) you will see that the IP address for your computer is different (typically 192.168.x.x) than what you get if you go to (or just look in the lower right corner of your posts here).

As has been pointed out in the thread that sded linked, IMO you need both. They serve different functions, and in different ways.

BTW, CFP also has a powerful SPI engine built in.
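
The NAT and SPI behaviour described in the posts above, as an added Python sketch (not part of the original thread and not any router's or CFP's code). The addresses, ports and the `Packet`/`NatRouter` names are constructed for illustration, and the model is simplified: no TCP state, timeouts or integrity checks.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.7"  # constructed: the ISP-assigned address the world sees

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000
    # public port -> (lan ip, lan port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, pkt):
        """LAN -> internet: rewrite the source and remember the flow.
        Nothing here checks which program sent the packet."""
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        for port, known in self.table.items():
            if known == flow:
                return Packet(self.public_ip, port, pkt.dst, pkt.dport)
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = flow
        return Packet(self.public_ip, port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Internet -> LAN: forward only replies to a remembered flow."""
        flow = self.table.get(pkt.dport)
        if flow is None:
            return None  # unsolicited: no mapping exists, so it is dropped
        lan_ip, lan_port, remote_ip, remote_port = flow
        if (pkt.src, pkt.sport) != (remote_ip, remote_port):
            return None  # stateful check: not the host we contacted
        return Packet(pkt.src, pkt.sport, lan_ip, lan_port)

def demo():
    r = NatRouter(PUBLIC_IP)
    out = r.outbound(Packet("192.168.1.20", 51000, "198.51.100.10", 443))
    reply = r.inbound(Packet("198.51.100.10", 443, PUBLIC_IP, out.sport))
    probe = r.inbound(Packet("192.0.2.99", 4444, PUBLIC_IP, 3389))
    spoof = r.inbound(Packet("192.0.2.99", 443, PUBLIC_IP, out.sport))
    return out, reply, probe, spoof

if __name__ == "__main__":
    print(demo())
```

Because `outbound` translates every LAN packet without asking which application produced it, the router alone cannot stop a program from calling home, which is the gap the software firewall and HIPS discussed above are meant to cover.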