Router Vunerable with Port Forwarding? D-LINK

My couputer and windows experience does not extend to much networking - so this will be a series n00b question:

I have three computers connected through a router - but they are not set up on a network. The router is a D-Link 604.

If I create a virtual server for port forwarding, am I making those ports more vunerable to attack? As long as I run a software firewall, will these ports be secure, or should I make changes to the default router firewall to assure security?

 

The simple answer is yes. By forwarding ports to a "server" you are making that "server" more vulnerable. How much more vulnerable depends on which ports you are forwarding and which services will be listening on those ports at the server.

Running a personal firewall can help protect the "server ". You could set up port forwarding to forward everything to a particular PC. By doing this you are effectively negating any firewall functionality on the router. But the personal firwall will take on that role instead.

However, I would question why you need to use port forwarding. You should only need to do it if you are hosting a service (such as a web or mail server) for external users/systems to connect to. If this is why you are port forwarding, a personal firewall will have to have the port open too, to allow the traffic to get to the service. The vulerability then comes down to how secure your service application is (including how well it is configured). For a web server for example, that can mean how uptodate IIS is, and how well it is configured.

Very few home and SOHO users need to port forward. If you are port forwarding to fix a connection problem, there is probably a better solution. While a personal firewall will protect a system, nowadays defense in depth should not be thrown away. You will probably be very secure with a good personal firewall. But you will be even more secure with a personal firewall and NAT or firewalling enabled on the router.