Current trend these days, is when you have an ISP broadband connection, like cable modem (e.g. Comcast or AT&T), they require the connection be terminated at their router, and you have no control over it. I really hate this, as I have no idea what is allowed through that router. And now, with the security vulnerability of cheap routers (that the ISP is providing you), it leaves you with a feeling of hopelessness.
If you want an example, go and see http://www.networkworld.com/article/2862390/security0/misfortune-cookie-vulnerability-affects-12-million-routers.html
I have no idea if the router they placed at my termination point has up to date firmware, and even if the router is vulnerable. To secure myself, I have a secure firewall behind the router, so that even if some worm compromises my router, then at least I can provide some type of protection.
Before Comcast required me to change from the old cable modem bridge, to this new cable modem router, I used to be able to remotely log into my firewall, and monitor scrupulous activity. Now, I don’t have that ability, with that NAT router. Maybe this is the reason to get a business class Internet connection? But I’m not sure if I want to pay the extra amount for that.
My point??? If your ISP provides you with a NAT router, get another NAT Router or Firewall, that you can control.