Is The Router Firewall Enough?

Good enough is an open-ended statement. It really depends on what you want it to do, the make, model, settings, and firmware as well.

But in general terms, the router hardware firewall does a great job at blocking incoming connections except those that are allowed. And that is its purpose, but it generally does a pretty poor job at outgoing connections.

It is a good practice to have a software firewall as well, which does a much better job at outgoing connections than the router hardware firewall.

Let’s make a few assumptions here for the purpose of this post. The router is a fairly modern router installed in the past three years. It is set to the middle-security level and the firmware is set to auto-update and the manufacturer is actually updating it periodically.

Let’s assume that you are not using the default username and password for the router, let’s assume that you don’t have the firewall of the router open or it is not looking like swiss cheese (full of holes).

Assuming all that, then using it will protect you from an outside attack reasonably well. Adding a good quality software firewall to that will help strengthen your odds.

I make it a practice that once the router is installed, that I will go in and change the username and password, I will also go through the settings to make sure that they are good and make sense. If you are not tech savvy, but not afraid to go into the router like that, then you can Google the router and see what good/recommended settings are for it. You can generally find an article or blog post for just about everyone that is modern and popular.

The one thing to remember is that using the most common settings, a hardware or software firewall will NOT protect you from another computer on your network. So if I can compromise one computer on your network, or I can climb into your wireless network, because you either have it wide open or you have a weak password, and once I have bypassed them, I can likely be on your computer as well.

When I talk about software firewalls, using Windows 10/11 Defender firewall will work well enough for most users. I personally use commercial software instead of Windows Defender, but I’m not knocking Defender, it is a strong product.

I use a commercial product as it offers me more flexibility and more granular settings options.

So let’s look at this defense in depth, and we will establish layers of protection and your router is the first line of defense/protection. If you have a strong password, updated firmware, the middle to high firewall settings, and your wireless network is encrypted and has a strong password, then that layer of defense is pretty strong.

Now let’s also assume that you didn’t move your computer to the DMZ in the firewall. If you don’t know what a DMZ is then you likely didn’t go into the firewall and move your computer to it. Let’s assume that you don’t have port forwarding enabled, like a DMZ, if you don’t know what it is, then it is very likely that you didn’t enable it.

This means that a bad actor is likely going to have to work fairly hard to compromise your hardware firewall to get to your computer, but, that only protects you from one type of attack. It does nothing to stop most malware that you could get from a questionable website or email. That is where the anti-virus software comes into play.

I highly recommend that you don’t cheap out here, don’t use a free product, spend the $35 a year and get a good quality product. Now, I’m not knocking freeware. There is some really strong free antivirus software out there. But for everyone that is good, there are 20 that are fake or bad, in fact, fake antivirus programs are huge for some reason. So unless you know what you are doing, avoid them and buy a big named software like McAfee, Norton, Kaspersky, or Trend Micro.