gibbons said:
The only firewall protection I have right now is a router, which I understand is next to nothing.
Who told you that?
Like others have said, the router is a MAJOR protection. Why? Because the router creates a private network behind it that is inaccessible from the outside except for connections that either:
1) Initiate from within your home (presumably because you desired them); or
2) Through openings that you specifically create.
Let's say your ISP assigns your modem/cable modem/digital connection/access point the IP of 100.20.10.41, and this IP is a public IP address. Furthermore, let's say that your computer is directly connected to your connection device. That means that anyone with internet access can try all kinds of nastiness against the address 100.20.10.41 and ONLY the protections installed on your computer will defend you. The inherent protections in Windows are quite faulty, as everyone pretty well knows, and even with Windows Firewall installed (which is better than nothing), the exposure is significant. One exploitable bug in XP discovered by the searching hacker and boom, you're in trouble. See, an IP address isn't a single connection - it's actually 65k (and change) potential openings called ports. Some ports are fairly safe, others are extremely dangerous in the wrong hands, and all of them under this configuration are out there, waiting to be scanned for an opening.
Now insert the router.
Your ISP still assigns the address 100.20.10.41 to the first device to connect on your connection, but now that device is the router. The router has 65k ports, just like your computer, but - and here's the kicker - they are ALL closed by default. They only open from inside. What's more, when your computer turns on, it wakes up and says, "Hello world, what's my IP address?" Before, the answer it got back was 100.20.10.41. NOW, the router kicks back a different address - 192.168.1.100.
192.168.1.100 is your computer's IP address, but that IP address exists ONLY on your side of the firewall. The outside internet can't see it - it never knows it exists (EVEN if you expose ports on the router, the 192 IP is still private). The port scanner can go up against the router to its heart's content but unless you create an opening on the router that links a specific port to your private IP address, your computer is safe from outside attack.
Your PC *IS* still vulnerable from connections you initiate, of course. If you open your freshly installed, unpatched IE 6.0 browser and point it at www.hackunown00b.com, your computer creates a connection to the web server which creates a pathway for the server to turn around and talk to your computer directly. That, however, is because you opened the connection, and no router is going to protect against that.
Here endeth the lesson from Security: The book of Routers: Chapter 1, verses 1 to 100.
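
Added example, not part of the original post: a toy Python model of the router behaviour described above, showing which inbound packets reach 192.168.1.100 and which are dropped. The class and function names are hypothetical, the remote addresses are constructed, and the rule that replies are accepted only from the exact peer contacted is an assumption (real routers differ on this).

```python
# Toy model of the router behaviour described in the post (added example).
# Class and function names are hypothetical; remote addresses are constructed.
PUBLIC_IP = "100.20.10.41"    # public address used in the post
PC_IP = "192.168.1.100"       # private address used in the post
WEB_SERVER = "203.0.113.80"   # constructed: a site the PC chooses to visit
SCANNER = "198.51.100.7"      # constructed: an unrelated outside host


class NatRouter:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.sessions = {}    # public port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.forwards = {}    # public port -> (lan_ip, lan_port), created by the owner
        self.next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: record it and rewrite the source."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[public_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return (self.public_ip, public_port)   # all the remote side ever sees

    def add_forward(self, public_port, lan_ip, lan_port):
        """An opening the owner specifically creates."""
        self.forwards[public_port] = (lan_ip, lan_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the LAN (ip, port) a packet is delivered to, or None if dropped."""
        session = self.sessions.get(public_port)
        # Assumption: replies are accepted only from the exact peer contacted.
        if session and session[2:] == (remote_ip, remote_port):
            return session[:2]
        return self.forwards.get(public_port)


def demo():
    router = NatRouter(PUBLIC_IP)
    out = {}
    # 1. Unsolicited probes against the public address: nothing is delivered.
    out["scan_hits"] = [p for p in (21, 80, 135, 445, 3389)
                        if router.inbound(SCANNER, 55555, p)]
    # 2. The PC browses out; the reply on that session is let back in.
    out["seen_by_server"] = router.outbound(PC_IP, 51000, WEB_SERVER, 80)
    out["reply"] = router.inbound(WEB_SERVER, 80, out["seen_by_server"][1])
    out["other_host"] = router.inbound(SCANNER, 80, out["seen_by_server"][1])
    # 3. A port forward exposes exactly one LAN service to everyone.
    router.add_forward(8080, PC_IP, 80)
    out["forwarded"] = router.inbound(SCANNER, 55555, 8080)
    return out
```

Calling `demo()` returns the outcome of each case; the forwarded port is the only path by which the unrelated host reaches the PC.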