Do I Need a Firewall if I Have a Router?

do-i-need-a-firewall-if-i-have-a-router photo 1

There are two types of firewalls: hardware firewalls and software firewalls. Your router functions as a hardware firewall, while Windows includes a software firewall. There are other third-party firewalls you can install, too.

In August 2003, if you connected an unpatched Windows XP system to the Internet without a firewall, it could be infected within minutes by the Blaster worm, which exploited vulnerabilities in network services that Windows XP exposed to the Internet.

In addition to demonstrating the importance of installing security patches, this demonstrates the importance of using a firewall, which prevents incoming network traffic from reaching your computer. But if your computer is behind a router, do you really need a software firewall installed?

How Routers Function as Hardware Firewalls

Home routers use network address translation (NAT) to share a single IP address from your Internet service provide among the multiple computers in your household. When incoming traffic from the Internet reaches your router, your router doesn’t know which computer to forward it to, so it discards the traffic. In effect, the NAT acts as a firewall that prevents incoming requests from reaching your computer. Depending on your router, you may also be able to block specific types of outgoing traffic by changing your router’s settings.

You can have the router forward some traffic by setting up port-forwarding or putting a computer in a DMZ (demilitarized zone), where all incoming traffic is forwarded to it. A DMZ, in effect, forwards all traffic to a specific computer – the computer will no longer benefit from the router acting as a firewall.

do-i-need-a-firewall-if-i-have-a-router photo 2

Image Credit: webhamster on Flickr

How Software Firewalls Work

A software firewall runs on your computer. It acts as a gatekeeper, allowing some traffic through and discarding incoming traffic. Windows itself includes a built-in software firewall, which was first enabled by default in Windows XP Service Pack 2 (SP2). Because software firewalls run on your computer, they can monitor which applications want to use the Internet and block and allow traffic on a per-application basis.

If you’re connecting your computer directly to the Internet, it’s important to use a software firewall – you shouldn’t have to worry about this now that a firewall comes with Windows by default.

do-i-need-a-firewall-if-i-have-a-router photo 3

Hardware Firewall vs. Software Firewall

Hardware and software firewalls overlap in some important ways:

  • Both block unsolicited incoming traffic by default, protecting potentially vulnerable network services from the wild Internet.
  • Both can block certain types of outgoing traffic. (Although this feature may not be present on some routers.)

Advantages of a software firewall:

  • A hardware firewall sits between your computer and the Internet, while a software firewall sits between your computer and the network. If other computers on your network become infected, the software firewall can protect your computer from them.
  • Software firewalls allow you to easily control network access on a per-application basis. In addition to controlling incoming traffic, a software firewall can prompt you when an application on your computer wants to connect to the Internet and allow you to prevent the application from connecting to the network. This feature is easy to use with a third-party firewall, but you can also prevent applications from connecting to the Internet with the Windows firewall.

do-i-need-a-firewall-if-i-have-a-router photo 4

Advantages of a hardware firewall:

  • A hardware firewall sits apart from your computer – if your computer becomes infected with a worm, that worm could disable your software firewall. However, that worm couldn’t disable your hardware firewall.
  • Hardware firewalls can provide centralized network management. If you run a large network, you can easily configure the firewall’s settings from a single device. This also prevents users from changing them on their computers.

Do You Need Both?

It’s important to use at least one type of a firewall – a hardware firewall (such as a router) or a software firewall. Routers and software firewalls overlap in some ways, but each provides unique benefits.

If you already have a router, leaving the Windows firewall enabled provides you with security benefits with no real performance cost. Therefore, it’s a good idea to run both.

You don’t necessarily have to install a third-party software firewall that replaces the built-in Windows firewall – but you can, if you want more features.

More stories

How to Disable Cortana on the Windows 10 Lock Screen

With the Windows 10 Anniversary Update, Cortana is now enabled by default on your lock screen–assuming you haven’t disabled her entirely. If you’d rather not have Cortana answering questions when your PC is locked, it’s an easy enough feature to disable.

How to Install Extensions in Microsoft Edge

Microsoft Edge finally supports browser extensions thanks to Windows 10’s Anniversary Update. Edge extensions are now available in the Windows Store, although only a few are initially available.

12 of the Biggest PC Myths That Just Won’t Die

Computers are like anything else. Myths and urban legends have built up over time, passed from person to person. Some myths once had a grain of truth, but are no longer true thanks to technological progress.

Forget Chromebooks: Chrome OS is Coming to Windows

Google didn’t announce any shiny new Chromebooks at Google I/O. Instead, they highlighted their two big “platforms” — Chrome and Android. Whether you’re using Windows, Linux, or Mac, Google will be bringing the Chrome OS experience to you.

How to Unsubscribe from Email Newsletters the Correct Way

Do you get too many newsletters and other promotional emails? These emails aren’t technically “spam” — they’re from legitimate organizations. Thanks to the US CAN-SPAM act, every legitimate company offers a consistent way to unsubscribe from their newsletters.