routers and firewalls

I've read that hardware firewalls are found in routers and that they are in
some ways better than software firewalls. I really have no need for a
router, per se, but I wouldn't mind replacing ZoneAlarm if it is the thing
to do.

But I've also read that software and hardware firewalls have completely
different effects!

If someone can offer a nutshell, plain English explanation of this stuff I'd
like to hear it.

Thanks

--
JimL

"JimL" wrote in message
...
I've read that hardware firewalls are found in routers and that they are
in some ways better than software firewalls. I really have no need for a
router, per se, but I wouldn't mind replacing ZoneAlarm if it is the thing
to do.

But I've also read that software and hardware firewalls have completely
different effects!

If someone can offer a nutshell, plain English explanation of this stuff
I'd like to hear it.

Thanks

--
JimL






Jim

The problem with software firewalls is they are a bunch of bits in memory.
Writing data to the right bits of memory can compromise such a software
firewall.
Because a PC is a general purpose machine it has a wide range of vectors
that may make that possible.

Hardware firewalls on the other hand are very specialised and it's kinda
hard to alter bits burnt into ROM.

Properly running firewalls only do one thing : examine packets of data
coming in or out and allow / block them based on a set of rules.
i.e. the 'effect' is exactly the same.

Handing firewall duties over to another device allso means your PC is not
wasting resources running a firewall in the background.

best
Paul.

On Thu, 30 Jul 2009 21:18:06 -0400, "JimL"
wrote:

I've read that hardware firewalls are found in routers and that they are in
some ways better than software firewalls. I really have no need for a
router, per se, but I wouldn't mind replacing ZoneAlarm if it is the thing
to do.

But I've also read that software and hardware firewalls have completely
different effects!

If someone can offer a nutshell, plain English explanation of this stuff I'd
like to hear it.

Thanks

First, what is it you hope to gain in changing from your
present configuration? If you find your security has been
breached, how did it happen as that is a hole to close.

The major advantage of a hardware firewall is that it does
not expose a (windows) PC directly to the internet. It also
offloads the work the PC might have to do, even more work if
the PC is connected through USB to a modem rather than
ethernet.

Often hardware firewalls in routers, the router settings
themselves are different than what a typical software
firewall's settings allow for. Hardware firewalls often
have settings to block domains, QOS, disabling or limiting
bandwidth, rules for allowed host connections, and more.

Software firewalls on the other hand often do one important
thing hardware firewalls do not, they can block outgoing
connections on a per-program basis. For example, if your
system were compromised, infected with malware that was
trying to phone home to send your data or download more
malware and install it, a hardware firewall won't
necessarily (actually won't usually) stop the outgoing
connection nor the incoming data unless you happened to have
the source domain on the router's block list or a small
inclusion list and a deny-rest (of wan IPs) rule.

A software firewall on the other hand will not allow the
malware the connection unless you manually approve the
connection. There are exceptions such as browser BHOs,
where you had already given permission for the browser to
make a conneciton and the malware piggybacks on the brower
connection to send the data. So in some cases the firewall
alone is not enough, or more attention needs paid to closing
holes and safe practices as a prevention rather than damage
control.

The safest systems would be behind a hardware firewall and
have a software firewall, but how much effort or expense to
put into it can depend on the exposure, risk level the
system sees. For example someone who surfs video websites
that require new codec installations (far too often a virus
in disguise), those who use warez software, or browse shady
websites will have far more browser related risks, but many
seemingly kosher websites may themselves become compromised
and act as servers for malware so there is no 100% safe
surfing practice besides making backups before there are any
infections and shutting down a system's internet connection
the moment a compromise has been detected (after other
prudent measures like antivirus software).

Since most people are not adept enough nor want to spend the
time extensively configuring a software firewall, adding an
inexpensive router is a very good idea. For those who are
adept enough, willing to spend the time with a software
firewall, they obviously value security more and so again an
inexpensive router firewall is a nice insulating layer for
the money it costs.

I see little reason not to have a router firewall on a home
network, even if you leave it set to all default values. If
software were entirely secure and reliable would you even
need a firewall at all? Certainly it is not entirely secure
or bug -free but by moving core logic to a simplifed
firmware in a router, there are far fewer chances for bugs
and windows itself becoming infected can easily allow
crashing of portions of OS, or software firewalls, or
software settings changed that make them ineffective.

There is a third, most effective compromise. Instead of a
hardware firewall in a router or a software firewall running
on the client, setting up a separate computer running a less
vulnerable OS than windows and that system running a more
fully configurable router and firewall software packages.
This option takes the most time, uses the most space and
electricity, but by far allows the most comprehensive
configuration.

Back to my opening statement, knowing these things has no
point unless you have a specific need that is thus far
unaddressed. None of the above is really applicable to any
situation because either is a security measure but there is
no insecurity unless there is a hole of some sort, even if
that hole is a child that opens every email attachment that
comes in or a war driver scanning your wifi network.

"PeeCee" wrote in message
...
"JimL" wrote in message
...
I've read that hardware firewalls are found in routers and that they are
in some ways better than software firewalls. I really have no need for a
router, per se, but I wouldn't mind replacing ZoneAlarm if it is the
thing to do.

But I've also read that software and hardware firewalls have completely
different effects!

If someone can offer a nutshell, plain English explanation of this stuff
I'd like to hear it.

Thanks

--
JimL






Jim

The problem with software firewalls is they are a bunch of bits in memory.
Writing data to the right bits of memory can compromise such a software
firewall.
Because a PC is a general purpose machine it has a wide range of vectors
that may make that possible.

Hardware firewalls on the other hand are very specialised and it's kinda
hard to alter bits burnt into ROM.

Properly running firewalls only do one thing : examine packets of data
coming in or out and allow / block them based on a set of rules.
i.e. the 'effect' is exactly the same.

Handing firewall duties over to another device allso means your PC is not
wasting resources running a firewall in the background.

best
Paul.



Thanks

--
JimL

"kony" wrote in message
...
On Thu, 30 Jul 2009 21:18:06 -0400, "JimL"
wrote:

Thanks for what looks _to me_ like a good overview of firewalls.

Back to my opening statement, knowing these things has no
point unless you have a specific need that is thus far
unaddressed.

Perhaps you are forgetting one "point" in your search for specifics - the
future. And at my house, "not knowing" about a specific need is definitely
not the same as "not having" a specific need. Having had no "holes" in the
past (if indeed I have not) doesn't seem like much of a guarantee for what
might happen tommorrow.

I've very recently switched from dial-up to cable modem. Seems to me the
very quantity of events inherent in a high-speed internet connection as
compared to dial-up makes firewalls a more important topic.

Since I got the cable modem connection I have thought about and worked on
several things I believe I should think about and work on in an effort to
head off what _might_ happen from here on. Looking ahead seems to me to be
only common sense. But it doesn't seem to set well with many here who
demand that I describe a problem that _IS_ not a problem that _might_ be.
But that won't stop me from thinking about tomorrow's possible issues.

Specifically, as I thought about high speed internet issues, firewalls came
to mind. (Perhaps I'm a worry wort, but I doubt I'll EVER leave myself
connected 24/7, no matter how good I think my protection is.) It looks to
me like inviting trouble when I don't have to. So not knowing much of
anything about hardware firewalls I decided to ask, given the possibility
that more traffic might mean more problems.

Thanks

--
JimL

On Thu, 6 Aug 2009 21:18:17 -0400, "JimL"
wrote:

"kony" wrote in message
.. .
On Thu, 30 Jul 2009 21:18:06 -0400, "JimL"
wrote:

Thanks for what looks _to me_ like a good overview of firewalls.

Back to my opening statement, knowing these things has no
point unless you have a specific need that is thus far
unaddressed.

Perhaps you are forgetting one "point" in your search for specifics - the
future. And at my house, "not knowing" about a specific need is definitely
not the same as "not having" a specific need. Having had no "holes" in the
past (if indeed I have not) doesn't seem like much of a guarantee for what
might happen tommorrow.

I've very recently switched from dial-up to cable modem. Seems to me the
very quantity of events inherent in a high-speed internet connection as
compared to dial-up makes firewalls a more important topic.

Fair enough, but you hadn't mentioned this yet unless I
overlooked it.

Since I got the cable modem connection I have thought about and worked on
several things I believe I should think about and work on in an effort to
head off what _might_ happen from here on. Looking ahead seems to me to be
only common sense. But it doesn't seem to set well with many here who
demand that I describe a problem that _IS_ not a problem that _might_ be.
But that won't stop me from thinking about tomorrow's possible issues.

Use a router. Wifi even better. With this option in the
future you can add PCs as you wish, not depending on any one
for the internet connection, allowing for wireless laptop or
distant client use w/o stringing wire, change the operating
system and be online without concern about having installed
the firewall yet.


Specifically, as I thought about high speed internet issues, firewalls came
to mind. (Perhaps I'm a worry wort, but I doubt I'll EVER leave myself
connected 24/7, no matter how good I think my protection is.) It looks to
me like inviting trouble when I don't have to. So not knowing much of
anything about hardware firewalls I decided to ask, given the possibility
that more traffic might mean more problems.

Most people with cable internet access are likely to be
connected 24/7, and are safe doing so if they have a router
between their PC and the internet. So long as a windows box
with open ports isn't sitting exposed to the internet,
letting it sit online unused isn't much of a risk, the risk
is far moreso that of actively visiting a hostile website or
breached one delivering rogue malware, of opening an
infected email on a vulnerable client, inserting an infected
USB thumbdrive with autoplay enabled, and other actively
undertaken activities.

In other words, either it is something the user initiates
which gets them infected or an external thread is doing a
port scan or wifi survey. For now I will ignore the wifi
since your topic is about firewalls. Since the router is
not offering services other than routing, there is very
little possiblity of exploitation. It is not impossible but
let's face it, windows is targeted far more than any other
OS and any OS is targeted far more than specific router
models among the myriad possible routers and firmwares that
exist in the world.

As mentioned in my prior reply, a software firewall does add
one feature that's great for some, that it allows
per-application denial of wan/internet access. If you feel
that is important to have, I recommend running both a
software firewall that supports it (you mentioned Zonealarm
IIRC, which does support it), and a router with it's
inherant firewalling.

The better question is what does it hurt. They are
inexpensive, an additional layer of security, allow for
expansion. Downside is the ~$20 cost, a few cubic inches of
space it takes up and maybe a half dozen watts of power
consumed on average for consumer models.

A router in it's default configuration is often ready to use
out of the box except if it supports wifi you might want to
unscrew the antenna to eliminate any usable range until
security settings for wifi are set... though some might call
that paranoid but knowing how easy it is to put off doing
things or get busy doing something else, having the antennan
off until wifi is secure from the beginning eliminates that
possibility, assuming the router has only an external
antenna not one internal but again I am drifting into a
different topic than asked about.

"kony" wrote in message
...
On Thu, 6 Aug 2009 21:18:17 -0400, "JimL"
wrote:

"kony" wrote in message
. ..
On Thu, 30 Jul 2009 21:18:06 -0400, "JimL"
wrote:

Thanks for what looks _to me_ like a good overview of firewalls.

Back to my opening statement, knowing these things has no
point unless you have a specific need that is thus far
unaddressed.

Perhaps you are forgetting one "point" in your search for specifics - the
future. And at my house, "not knowing" about a specific need is
definitely
not the same as "not having" a specific need. Having had no "holes" in
the
past (if indeed I have not) doesn't seem like much of a guarantee for what
might happen tommorrow.

I've very recently switched from dial-up to cable modem. Seems to me the
very quantity of events inherent in a high-speed internet connection as
compared to dial-up makes firewalls a more important topic.

Fair enough, but you hadn't mentioned this yet unless I
overlooked it.

Since I got the cable modem connection I have thought about and worked on
several things I believe I should think about and work on in an effort to
head off what _might_ happen from here on. Looking ahead seems to me to
be
only common sense. But it doesn't seem to set well with many here who
demand that I describe a problem that _IS_ not a problem that _might_ be.
But that won't stop me from thinking about tomorrow's possible issues.

Use a router. Wifi even better. With this option in the
future you can add PCs as you wish, not depending on any one
for the internet connection, allowing for wireless laptop or
distant client use w/o stringing wire, change the operating
system and be online without concern about having installed
the firewall yet.


Specifically, as I thought about high speed internet issues, firewalls
came
to mind. (Perhaps I'm a worry wort, but I doubt I'll EVER leave myself
connected 24/7, no matter how good I think my protection is.) It looks to
me like inviting trouble when I don't have to. So not knowing much of
anything about hardware firewalls I decided to ask, given the possibility
that more traffic might mean more problems.

Most people with cable internet access are likely to be
connected 24/7, and are safe doing so if they have a router
between their PC and the internet. So long as a windows box
with open ports isn't sitting exposed to the internet,
letting it sit online unused isn't much of a risk, the risk
is far moreso that of actively visiting a hostile website or
breached one delivering rogue malware, of opening an
infected email on a vulnerable client, inserting an infected
USB thumbdrive with autoplay enabled, and other actively
undertaken activities.

In other words, either it is something the user initiates
which gets them infected or an external thread is doing a
port scan or wifi survey. For now I will ignore the wifi
since your topic is about firewalls. Since the router is
not offering services other than routing, there is very
little possiblity of exploitation. It is not impossible but
let's face it, windows is targeted far more than any other
OS and any OS is targeted far more than specific router
models among the myriad possible routers and firmwares that
exist in the world.

As mentioned in my prior reply, a software firewall does add
one feature that's great for some, that it allows
per-application denial of wan/internet access. If you feel
that is important to have, I recommend running both a
software firewall that supports it (you mentioned Zonealarm
IIRC, which does support it), and a router with it's
inherant firewalling.

The better question is what does it hurt. They are
inexpensive, an additional layer of security, allow for
expansion. Downside is the ~$20 cost, a few cubic inches of
space it takes up and maybe a half dozen watts of power
consumed on average for consumer models.

A router in it's default configuration is often ready to use
out of the box except if it supports wifi you might want to
unscrew the antenna to eliminate any usable range until
security settings for wifi are set... though some might call
that paranoid but knowing how easy it is to put off doing
things or get busy doing something else, having the antennan
off until wifi is secure from the beginning eliminates that
possibility, assuming the router has only an external
antenna not one internal but again I am drifting into a
different topic than asked about.



Again a good post from my point of view. As for "what does it hurt," I
don't know. You refer to "very little risk." That isn't the same as none.
I noticed that in about a year and a half ZA logged over 140,000 blocked
access attempts on dial-up. Apparently there are "scanners" just searching
for a chance to make trouble. And broadband presents the potential for even
greater numbers of scans.

Plus I put all of my computer stuff on switching control and shut them down
overnight if for no more reason than eliminating vampire electrical
consumption. Using old machines as I do it makes sense to me to cut down on
wear and tear.

Hardware firewall. You're kind of preaching to the choir there. I've been
trying to get a handle on whether to go wireless. (If it turns out it
doesn't even work where I want it, I could, as you suggest, just remove the
antennas.) You mention ~$20 in cost. I'd guess that if one were
concerned about reliability the figure would be somewhat higher.

Thanks

--
JimL

"kony" wrote in message
...
On Thu, 6 Aug 2009 21:18:17 -0400, "JimL"
wrote:

"kony" wrote in message
. ..
On Thu, 30 Jul 2009 21:18:06 -0400, "JimL"
wrote:

Thanks for what looks _to me_ like a good overview of firewalls.

Back to my opening statement, knowing these things has no
point unless you have a specific need that is thus far
unaddressed.

Perhaps you are forgetting one "point" in your search for specifics - the
future. And at my house, "not knowing" about a specific need is
definitely
not the same as "not having" a specific need. Having had no "holes" in
the
past (if indeed I have not) doesn't seem like much of a guarantee for what
might happen tommorrow.

I've very recently switched from dial-up to cable modem. Seems to me the
very quantity of events inherent in a high-speed internet connection as
compared to dial-up makes firewalls a more important topic.

Fair enough, but you hadn't mentioned this yet unless I
overlooked it.

Since I got the cable modem connection I have thought about and worked on
several things I believe I should think about and work on in an effort to
head off what _might_ happen from here on. Looking ahead seems to me to
be
only common sense. But it doesn't seem to set well with many here who
demand that I describe a problem that _IS_ not a problem that _might_ be.
But that won't stop me from thinking about tomorrow's possible issues.

Use a router. Wifi even better. With this option in the
future you can add PCs as you wish, not depending on any one
for the internet connection, allowing for wireless laptop or
distant client use w/o stringing wire, change the operating
system and be online without concern about having installed
the firewall yet.


Specifically, as I thought about high speed internet issues, firewalls
came
to mind. (Perhaps I'm a worry wort, but I doubt I'll EVER leave myself
connected 24/7, no matter how good I think my protection is.) It looks to
me like inviting trouble when I don't have to. So not knowing much of
anything about hardware firewalls I decided to ask, given the possibility
that more traffic might mean more problems.

Most people with cable internet access are likely to be
connected 24/7, and are safe doing so if they have a router
between their PC and the internet. So long as a windows box
with open ports isn't sitting exposed to the internet,
letting it sit online unused isn't much of a risk, the risk
is far moreso that of actively visiting a hostile website or
breached one delivering rogue malware, of opening an
infected email on a vulnerable client, inserting an infected
USB thumbdrive with autoplay enabled, and other actively
undertaken activities.

In other words, either it is something the user initiates
which gets them infected or an external thread is doing a
port scan or wifi survey. For now I will ignore the wifi
since your topic is about firewalls. Since the router is
not offering services other than routing, there is very
little possiblity of exploitation. It is not impossible but
let's face it, windows is targeted far more than any other
OS and any OS is targeted far more than specific router
models among the myriad possible routers and firmwares that
exist in the world.

As mentioned in my prior reply, a software firewall does add
one feature that's great for some, that it allows
per-application denial of wan/internet access. If you feel
that is important to have, I recommend running both a
software firewall that supports it (you mentioned Zonealarm
IIRC, which does support it), and a router with it's
inherant firewalling.

The better question is what does it hurt. They are
inexpensive, an additional layer of security, allow for
expansion. Downside is the ~$20 cost, a few cubic inches of
space it takes up and maybe a half dozen watts of power
consumed on average for consumer models.

A router in it's default configuration is often ready to use
out of the box except if it supports wifi you might want to
unscrew the antenna to eliminate any usable range until
security settings for wifi are set... though some might call
that paranoid but knowing how easy it is to put off doing
things or get busy doing something else, having the antennan
off until wifi is secure from the beginning eliminates that
possibility, assuming the router has only an external
antenna not one internal but again I am drifting into a
different topic than asked about.



I replaced my original DSL modem with one that has a
WiFi function, and that put the WiFi on the modem side
of my existing router. Therefor, the router's firewall protects
my wired LAN from both the internet and WiFi. This means
that my mobile WiFi enabled devices have no access to my
LAN, but they do have access to the internet. With no real
wireless network setup, the mobile devices can't connect to
each other. With no bridge setup the computers on the LAN
have no access to the mobile devices, nor is it open to the
wireless environment. So, I just leave the WiFi open and
anyone or any wifi device, in range can connect to the internet
through my DSL modem. While this could expose me to the
results of any mischief, that a very nearby operator might effect
using my DSL connection, it does not expose my LAN.

Luck;
Ken

"Ken Maltby" wrote in message
...

"kony" wrote in message
...
On Thu, 6 Aug 2009 21:18:17 -0400, "JimL"
wrote:

"kony" wrote in message
...
On Thu, 30 Jul 2009 21:18:06 -0400, "JimL"
wrote:

Thanks for what looks _to me_ like a good overview of firewalls.

Back to my opening statement, knowing these things has no
point unless you have a specific need that is thus far
unaddressed.

Perhaps you are forgetting one "point" in your search for specifics - the
future. And at my house, "not knowing" about a specific need is
definitely
not the same as "not having" a specific need. Having had no "holes" in
the
past (if indeed I have not) doesn't seem like much of a guarantee for
what
might happen tommorrow.

I've very recently switched from dial-up to cable modem. Seems to me the
very quantity of events inherent in a high-speed internet connection as
compared to dial-up makes firewalls a more important topic.

Fair enough, but you hadn't mentioned this yet unless I
overlooked it.

Since I got the cable modem connection I have thought about and worked on
several things I believe I should think about and work on in an effort to
head off what _might_ happen from here on. Looking ahead seems to me to
be
only common sense. But it doesn't seem to set well with many here who
demand that I describe a problem that _IS_ not a problem that _might_ be.
But that won't stop me from thinking about tomorrow's possible issues.

Use a router. Wifi even better. With this option in the
future you can add PCs as you wish, not depending on any one
for the internet connection, allowing for wireless laptop or
distant client use w/o stringing wire, change the operating
system and be online without concern about having installed
the firewall yet.


Specifically, as I thought about high speed internet issues, firewalls
came
to mind. (Perhaps I'm a worry wort, but I doubt I'll EVER leave myself
connected 24/7, no matter how good I think my protection is.) It looks
to
me like inviting trouble when I don't have to. So not knowing much of
anything about hardware firewalls I decided to ask, given the possibility
that more traffic might mean more problems.

Most people with cable internet access are likely to be
connected 24/7, and are safe doing so if they have a router
between their PC and the internet. So long as a windows box
with open ports isn't sitting exposed to the internet,
letting it sit online unused isn't much of a risk, the risk
is far moreso that of actively visiting a hostile website or
breached one delivering rogue malware, of opening an
infected email on a vulnerable client, inserting an infected
USB thumbdrive with autoplay enabled, and other actively
undertaken activities.

In other words, either it is something the user initiates
which gets them infected or an external thread is doing a
port scan or wifi survey. For now I will ignore the wifi
since your topic is about firewalls. Since the router is
not offering services other than routing, there is very
little possiblity of exploitation. It is not impossible but
let's face it, windows is targeted far more than any other
OS and any OS is targeted far more than specific router
models among the myriad possible routers and firmwares that
exist in the world.

As mentioned in my prior reply, a software firewall does add
one feature that's great for some, that it allows
per-application denial of wan/internet access. If you feel
that is important to have, I recommend running both a
software firewall that supports it (you mentioned Zonealarm
IIRC, which does support it), and a router with it's
inherant firewalling.

The better question is what does it hurt. They are
inexpensive, an additional layer of security, allow for
expansion. Downside is the ~$20 cost, a few cubic inches of
space it takes up and maybe a half dozen watts of power
consumed on average for consumer models.

A router in it's default configuration is often ready to use
out of the box except if it supports wifi you might want to
unscrew the antenna to eliminate any usable range until
security settings for wifi are set... though some might call
that paranoid but knowing how easy it is to put off doing
things or get busy doing something else, having the antennan
off until wifi is secure from the beginning eliminates that
possibility, assuming the router has only an external
antenna not one internal but again I am drifting into a
different topic than asked about.



I replaced my original DSL modem with one that has a
WiFi function, and that put the WiFi on the modem side
of my existing router. Therefor, the router's firewall protects
my wired LAN from both the internet and WiFi. This means
that my mobile WiFi enabled devices have no access to my
LAN, but they do have access to the internet. With no real
wireless network setup, the mobile devices can't connect to
each other. With no bridge setup the computers on the LAN
have no access to the mobile devices, nor is it open to the
wireless environment. So, I just leave the WiFi open and
anyone or any wifi device, in range can connect to the internet
through my DSL modem. While this could expose me to the
results of any mischief, that a very nearby operator might effect
using my DSL connection, it does not expose my LAN.

Luck;
Ken

Hm, so you sort of have both a WAN and a LAN set up on opposite sides of a
firewall.


With a wireless router ... I'd guess there are different configurations.
Assumedly all routers would have wire ports. I don't know "where" the
wireless would be. "Parallel" with the LAN ports? I guess my lone laptop
would be protected from the internet but open to drive-by access no matter
if I were running wired or wireless as long as the antennas were in place?
Am I confused or diffused?

Thanks

--
JimL

On Fri, 7 Aug 2009 09:43:14 -0400, "JimL"
wrote:



Again a good post from my point of view. As for "what does it hurt," I
don't know. You refer to "very little risk." That isn't the same as none.
I noticed that in about a year and a half ZA logged over 140,000 blocked
access attempts on dial-up. Apparently there are "scanners" just searching
for a chance to make trouble. And broadband presents the potential for even
greater numbers of scans.

Plus I put all of my computer stuff on switching control and shut them down
overnight if for no more reason than eliminating vampire electrical
consumption. Using old machines as I do it makes sense to me to cut down on
wear and tear.

Hardware firewall. You're kind of preaching to the choir there. I've been
trying to get a handle on whether to go wireless. (If it turns out it
doesn't even work where I want it, I could, as you suggest, just remove the
antennas.) You mention ~$20 in cost. I'd guess that if one were
concerned about reliability the figure would be somewhat higher.

Thanks


Higher cost buys more bells and whistles, or a newer 11.x
standard. "Some" low cost consumer routers have
insufficient airflow due to their passive design and minimal
air vents in conjunction with use of electrolytic
capacitors, but if that is the situation the casing can be
popped open and a few more vent holes drilled... I do this
routinely on budget routers that lack fans, but some would
prefer to just wait it out and replace a router when it
fails, if it remains stable until then.

Ultimately the wifi spec you select depends on your ISP
plan, it's peak throughput, or if you need to share large
files with systems only wifi connected. 802.11g exceeds the
throughput of most US ISPs, and allows streaming HD video
with good compression. If you have more demanding uses you
have to consider those as well... 100Mb ethernet is faster
than even 802.11n in practice, and I find 100Mb ethernet too
slow for my needs with a client:fileserver lan setup, but
buying for the future if you don't need this yet is probably
more costly than waiting it out till you need more than
basic interconnectivity.

The suggestion to take antennas off was just preliminary,
most any decent router also lets you disable the wifi
access, and/or encrypt and limit it by mac address, taking
antenna(s) off just effectively disables wifi till you make
any configuration changes you choose to make.

Bottom line, if forced to choose between using a router
w/firewall or a software firewall and direct modem
connection to a windows box, I'd pick the router every time.