do we need to get a hardware firewall to protect ourselves from future attacks?

r6ashih

I just started to work at a place where they don't have a firewall, and their server just got hit with the blast worm.
let me describe the setup to you so you guys can better understand the situation.

dsl modem(NAT capable but not enabled)-->win2k server---> other computers

the win2k is an active directory server, db server and webserver, and it's doing the ip routing.

if i disable the ip routing on the win2k server and enable the NAT on the dsl modem will that be enough to protect the computers from other worms? or do i still need to get another hardware firewall so i can close ports?
what hardware firewall do you recommend?
or could i just install zone alarm onto the win2k server and have that function as the firewall since everyone goes through active directory anyways?


there are about 15 computers at the office..

thanks,
Alex
 

spidey07

Yes.

Any host that is connected to the internet needs to have some kind of firewall in place. The sonicwall and cisco 506 would be good fits. Sonicwall is pretty easy to configure.
 

r6ashih

How are router firewalls different from the dedicated firewalls? also is setting up one of the cisco or sonicwall firewalls difficult?

thanks,
Alex
 

masul0100

I would grab an old system and put Smoothwall on it. I have been using it for the last few months and it has worked great. I am using a P166 and have not had any traffic problems with my 2.5Mbit line.

Masul
 

r6ashih

is it okay if i just install zone alarm onto the s2k server then? will that be sufficient?
 

azev

Originally posted by: r6ashih
How are router firewalls different from the dedicated firewalls? also is setting up one of the cisco or sonicwall firewalls difficult?

I've set up different firewalls, from a $30 speedstream to a $5k cisco/sonicwall/netscreen.
Most of these firewalls have web-based administration built in, and the default setup will get you running in no more than 15 minutes.
The major difference between these firewalls is the set of rules. More powerful/expensive firewalls have rules that you can set up, whereas home-market firewalls normally only have port forwarding. Most firewalls today are also routers, NAT routers that is.

The basic concepts are almost the same with every manufacturer; the only difference is the implementation.

I found sonicwall to be one of the easiest ICSA-certified firewalls, even for a n00b.
Cisco firewalls I found to be among the hardest to configure.
 

r6ashih

so do you recommend me getting the sonicwall firewall over installing zonealarm onto the server? what model sonicwall do you recommend?

Thanks for your help,
Alex
 

azev

I would prefer using a hardware firewall to protect my network. Software firewalls can sometimes be a PITA.
Get a sonicwall soho3, I think they are pretty cheap nowadays. Make sure you get one with 25 Users.
Sonicwall also has a lot of other options that you can get such as content filtering, viewpoint (log server), even antivirus.
I am sure you'll be happy with it.


 

martind1

wow, a hardware firewall would be a GREAT idea. I can't believe you don't have one. having the hardware firewall at the "opening" to the internet will protect all computers behind it.

just putting zonealarm on the w2k server only protects that. I find the hardware firewall to be easier to manage too, but that's my opinion.

either way get SOMETHING on there.
 

Garion

Originally posted by: azev
How are router firewalls different from the dedicated firewalls? also is setting up one of the cisco or sonicwall firewalls difficult?

I've set up different firewalls, from a $30 speedstream to a $5k cisco/sonicwall/netscreen.
Most of these firewalls have web-based administration built in, and the default setup will get you running in no more than 15 minutes.
The major difference between these firewalls is the set of rules. More powerful/expensive firewalls have rules that you can set up, whereas home-market firewalls normally only have port forwarding. Most firewalls today are also routers, NAT routers that is.

The basic concepts are almost the same with every manufacturer; the only difference is the implementation.

I found sonicwall to be one of the easiest ICSA-certified firewalls, even for a n00b.
Cisco firewalls I found to be among the hardest to configure.

A bit to add to this.. Your typical $100 SOHO "router" really isn't a firewall, even though they often claim to be. They simply obscure your internal network using NAT, Network Address Translation.

A real firewall has a variety of additional functions - For example, they do stateful packet inspection to actually LOOK at each packet coming in to make sure the payload isn't harmful. Little routers don't do that - They let everything through that they believe is valid.

So, from a real security perspective, a *real* firewall is far better than a cheap SOHO router. You can, however, get some really cheap real firewalls that will handle a reasonable amount of traffic. If you need to go REALLY cheap, check the hot deals forum - There's a watchguard firewall that someone found a great deal on. It's not spectacular, but it's much better than other cheapies.

Lastly.. Even turning on NAT on your DSL router will provide a HUGE security difference. Do so, and get rid of your dual-homed server, unless you absolutely need it for something - It's a major security hole waiting for a break-in to happen.

- G
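
The difference between the routed setup in the first post and a gateway that only admits replies and published ports can be modelled in a few lines. This is an added illustration, not part of any poster's message: the `Gateway` class, addresses and port numbers are constructed, TCP 135 is the RPC port the Blaster worm spread over, and the model tracks connections only (it does no payload inspection).

```python
# Added illustration, not code from the thread. All addresses are constructed.
from dataclasses import dataclass, field

SERVER, PC = "192.168.1.10", "192.168.1.23"          # inside hosts
WEBSITE, STRANGER = "198.51.100.7", "203.0.113.50"   # Internet hosts

@dataclass
class Gateway:
    filtering: bool                                # False = plain IP routing
    forwards: dict = field(default_factory=dict)   # public port -> (host, port)
    flows: set = field(default_factory=set)        # connections opened from inside

    def outbound(self, src, sport, dst, dport):
        """An inside host opens a connection; the gateway remembers it."""
        self.flows.add((src, sport, dst, dport))

    def inbound(self, remote, rport, dport, routed_dst=None):
        """Return the inside (host, port) that receives the packet, or None."""
        if not self.filtering:
            # Routed setup: the packet reaches whichever host it is addressed to.
            return (routed_dst, dport)
        for src, sport, dst, dp in self.flows:
            if (dst, dp, sport) == (remote, rport, dport):
                return (src, sport)                # reply to an inside-initiated flow
        return self.forwards.get(dport)            # else only published services

def exposure(gw):
    """Run the same three inbound packets through a gateway."""
    gw.outbound(PC, 40000, WEBSITE, 80)            # a PC browses a web site
    return {
        "reply_to_pc": gw.inbound(WEBSITE, 80, 40000, routed_dst=PC),
        "unsolicited_tcp_135": gw.inbound(STRANGER, 1234, 135, routed_dst=SERVER),
        "published_web_80": gw.inbound(STRANGER, 1234, 80, routed_dst=SERVER),
    }

routed = exposure(Gateway(filtering=False))
natted = exposure(Gateway(filtering=True, forwards={80: (SERVER, 80)}))

if __name__ == "__main__":
    for name, result in (("routed", routed), ("NAT + port 80 forward", natted)):
        print(name, result)
```

With filtering on, the only inbound traffic that reaches the server is what was deliberately published (port 80 here), so the web service itself still has to be patched.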

 

sector51

i recommend having a hardware firewall which would be your router, a software firewall which could be norton or whatever floats your boat, then using winxp's built in firewall if you have it.