dedicated firewall computer vs. firewall software per computer

[Kaido]

I have a number of computers running Windows on my home lan. It's a pain in the neck to get all the firewall and antivirus stuff configured on a per-computer basis. I've been thinking about converting an old box for use as a firewall. What do you think? Right now I have Cox cable Internet. I have a cable modem, a D-Link 54g wireless router, and wifi cards for each computer. Would I hook the box box between the cable modem and the wireless router? I would imagine Linux would be a good option for the firewall box. I just want a simple solution that will work well. One that could cover antivirus and firewall would be a nice too. I don't care if it's Windows, FreeBSD, Linux, whatever. What would you recommend?

 

[Kaido]

bump

 

[oldfart]

That is a good idea for many reasons.

You dont have to manage the FW on every machine on the network
Its good to have the protection at the entry point of the network instead of at the PC
Eliminates resource load on PCs And yes, run Linux.

Another option is to get a router with a decent firewall built in (which is what you would be building with the Linux box).

 

[mechBgon]

I would use a firewall between the world and the LAN (even just a plain broadband router), plus software firewalls on each system. That helps secure them against eachother in the event of an infected (or hacked) system inboard of your Internet firewall, trying to pimp its worms to the others. And if you have OS'es that permit it (meaning, not Win95/98/ME/XP Home), make everyone use a Limited/Restricted account so there's no rogue software installation going on, and check the systems out for common security oversights using Microsoft Baseline Security Analyzer 1.2.1.

This would probably be more a question for the Networking forum, by the way. If it vanishes from GH, then look for it over there

 

[Kaido]

Originally posted by: mechBgon
I would use a firewall between the world and the LAN (even just a plain broadband router), plus software firewalls on each system. That helps secure them against eachother in the event of an infected (or hacked) system inboard of your Internet firewall, trying to pimp its worms to the others. And if you have OS'es that permit it (meaning, not Win95/98/ME/XP Home), make everyone use a Limited/Restricted account so there's no rogue software installation going on, and check the systems out for common security oversights using Microsoft Baseline Security Analyzer 1.2.1.

This would probably be more a question for the Networking forum, by the way. If it vanishes from GH, then look for it over there

thanks, I'll go post my questions about what software I'll need over there

neat, I've never heard of Microsoft's Baseline Security Analyzer. downloading now!

 

[oog]

you leave yourself open to a family member or friend dropping by your house and using their virus-ridden laptop behind your firewall. personally, i believe it is worthwhile securing each computer.