Well, the simplest and least expensive is a router. The trick, and it is a trick, is to find out what configuration options the router has before buying it. At minimum you'd want to be able control port access (add/delete/change, etc) and if connecting multiple computers, possibly by connection. BestBuy geeks don't know the config options. A rule of thumb (not an edict) is that the $99.95 router has more config options than the $29.95. An alternative is to look at more enterprise-like brands, not usually available at BestBuy etc such as 3com or Cisco. Each has end-user type products in the same price price range. For $300++ there are specific "security appliances". One mfg that comes to mind is ZyXel, but there are many others, including 3com, Cisco, etc. As for software based firewalls, they process every packet over the connection. They do this in the background, and can cause bottlenecks. There is one advantage to using software though, that being with some of the programs, you are "notified" of unknown OUTGOING traffic and can decide what to do on the fly. Not helpful for incoming attacks other than they can block, but the pest has already gotten inside and is now on the grounds, knocking on the door of THIS machine. HTH Osorico
muy bien, many thanks once again Osorico. Now my little proposed system is 2 machines hooked by a 2-port KVM to one keyboard and 2 flat screens. Are you proposing 2 routers. One set specifically for the 3 programmes on my trading machine and the other more generally set for the utility machine. And, if so are they hooked in series or parallel with the utility leading. many thanks
No need for 2 routers. Here's what I would do, until I knew better... 1) using a 29.95 router (ie assuming one-size-fits-all port controls) connect both computers and the modem to the router. But plz remember the guideline (not edict), spend more, get more config options. You may WANT or worse, NEED them in the future. 2) On the trading machine use port-blocker software (not a firewall, but similar, and much much lighter!) for the unwanted ports. The router will likely allow your trading apps access with no adjust needed. Byproduct of using a port-blocker on the trading machine is you can make changes easily (for software updates, different warez, etc) without affecting anything, including the router, other than this computer. 3) On your surfing machine, use Shields Up to assist configuring the router for "stealth" operation (ie ports). There are other similar services, but this one has been around a long time and is certainly a good starting point. Then retest your trading computer to make sure all your trading apps still operate. As for a port-blocker. I recommend a freebie Emsa Port Blocker There are many others though. I like Emsa because it lets you specify remote(outgoing) and local(incoming) ports to block. Some others only block one or the other. For your needs, you might block remote port 80 (http), now you can't even get there, and local port 80 incase some rogue app decides it wants to accept http connections. Obviously, the router needs port 80 open if you plan to do any surfing on the other machine. Again, HTH Osorico EDIT: almost forgot, Emsa is free but requires an activate code. It's a bit confusing, imo. Just read carefully. No personal info is asked for or needed. Kinda silly.
Software firewalls have no performance impact other than causing your computer to start up slower than usual. They have the big advantage of blocking by application instead of by port. You can configure your HW firewall to block every port except x and y, so only your trading app can connect out. But a smart trojan will figure out what x and y are and exploit it. SW firewalls will prevent the trojan from connecting no matter what ports are blocked or unblocked. Everyone should run a SW firewall in additional to a HW .