Hardware Firewall

i trust my router...

Well, test it then! Run it against some of those free scanner sites. Make sure you temporarily disable any software firewalls before trying this though.

EDIT: I should mention, for completness' sake, that "passing" one or more of these scanning sites doesn't guarantee a solid firewall; it just guarantees a sort of minimum requirements met kind of thing.

You shouldn't.

The firewall in your router is a basic model that will do basic port blocking. If you want a real firewall, try something like a Sonicwall or Cisco model with Stateful Packet Inspection, VPN support, multiple authentication types and other advanced features. They're really meant for corporate networks, but I've seen some geeks use them on their own networks.

BTW, I do recommend you use a software firewall if you like to surf around a lot, make sure the software you get also inspects your outbound traffic as well. I recommend Zone Alarm.

No offense Labmouse, but the world would be a better place if Zonealarm disappeared off the Earth (it used to be good though). I use pccillin by trend micro for a software firewall (it has other cool features as well such as of course outbound monitoring). Their Housecall site to do a free online virus scan is amazing, I have repeatedly seen it catch stuff on some of my users pc's that NOTHING else caught, not crappy bloatware Norton nor pos McAfee.

i used zone alarm for quite a few years, but have since switched to kerio. zone labs continues to remove functionality from the free version of zone alarm.

check this site for good testing of you're router firewall.

http://www.grc.com/default.htm

I guess Zone Alarm is going down the tubes then...I remember it was one of the best about 2 years ago...I just use windows firewall now...

A hardware firewall is good, but its only part of a good security set up. You also need a software firewall to monitor your outbound traffic. Hardware firewalls and software firewalls do 2 different things, although they do overlap some. You really need both if you want to run windows.

Labmouse: I have a SPI firewall in my router, so it's not necesarily just in the high end equipment (I have a Linksys WRT54GS).

Also I disagree that ZA is crap. It's not perfect but its fine for most people who dont wanna take the time to properly configure a firewall "by hand" but just want it to protect them. It works, and works easily for most "average" users. also the price is right (for the free version)

So to the OP: yes hardware firewalls are very good, I strongly suggest having one and taking the time to learn how to configure it. and yes, you also need a software firewall. There are lots out there, some free, some not. Zone Alarm, Kerio, Nortons, and several others. Some are free, others cost $$. The only firewall I have personal experience with that I would recomend you NOT use is Black Ice. Otherwise just pick one and learn how to use it.

oh, and I also agree with Digitalpunk, you should never trust your security measures. Also excersise a healthy dose of scepticism when online, and when in doubt dont click on it. a careless user can easily defeat the best security measures.

I have the firewall on my Linksys enabled, aswell as WPA, and mac address filtering on. So im pretty safe, and I would recommend you do that aswell.

Agree...
as long as we can setup our hardware properly, then it'll be pretty safe and there's no need to have a software. But if you're into in somewhat of safe zone in your PC, than you might need to use Kerio or Raptor, which by default installation it will block everything... than gradually you open all the ports that you'd like to use, but it's painful, I've done that, and seriously it drives me crazy having to check log files every single minute just to make sure things OK.

Kerio PF

There is no absolute security, I guess. If there is a connection, I believe there is a risk, right? Specially that we all need to allow outgoing traffic on most circunstances... and, in some situations, even open ports for incoming traffic. As a hardware router, I use a WRT54G with iptables. Very customizable. I trust my router, but I'm not saying it's the best fortress in the world...

^ Pretty much.

When talking to (IT) security professionals, they talk of "layered defenses". In other words, have layers of protection so that if one layer fails, you have backup defenses. Thus, I run my router's firewall plus a software firewall/intrusion package. Technically I should run a rootkit detection kit as well, but it's too much work.

I have both a hardware firewall (router) and a software firewall (outpost). I would very much recommend using both because a hardware firewall typically protects against inbound breach attempts, whereas the software end of things will protect better against software-based threats (eg.: if you have a virus that attempts to call home or otherwise propagate, a software firewall should stop it and ask for user confirmation for the virus gets the chance to open a connection.).