Is a firewall enough for a small law firm?

calvink

Hi, I'm helping set up a network for my friend's law firm (5 computers). I'm going to put in a server to back up their data (they're doing it all on floppies right now...!@!@ and using AOL dial-up). Their DSL internet will pass through a WatchDog firewall, then into the router where it will split off. Will the firewall alone be enough security? No webservers or email servers on site. Thanks.
 

Fuzznuts

What else would you use apart from a firewall to secure your internet connection?

As far as being enough, the best firewall in the world is only as good as the person making the filters :)

If correctly configured, your firewall should be all you need to protect a network like that, especially if it's a dynamic IP, and seeing as it's AOL I reckon that to be the case.
 

calvink

:p, good thing I know how to make filters. Any pointers are appreciated, thanks.

edit: oh yeah, I'm going to recommend a DSL provider with a static IP just 'cause it's easier if they ever decide that they want a VPN, etc....
And this is the firewall I am going to recommend, unless you guys suggest otherwise. WatchDog
 

mboy

Why are you putting the firewall before the router?

I don't have any experience with WatchDog, but I would recommend an entry-level SonicWall for your situation. A Pro 100 or Soho3 will do NAT off of it, so you will not need a DSL router after it, just a cheap 8-12 port switch.
Very easy to configure, and you will have built-in VPN capability right off the bat.
A Cisco Pix 500 would be ideal as well, but that would not be as easy for them to maintain.

soho3
 

BuzzardBait1177

Hi, seen your post. I had an experience, a side job, very similar to yours. I learned the hard way about security and law firms.
I was so worried about people getting in that I left a security hole on info getting out, like on e-mails and documents sent to clients. Watch e-mails sent to each other (the partners). The stuff they say in clear text was amazing. Protect yourself no matter how good of a friend this lawyer is.
Make a proposal of what you're going to do, what email system you will use (ENCRYPT IT !!), and explain the back-up system to them, who will run it and back it up to a secure server behind another firewall. AND who is to maintain the security and system after the install. "Small Law firm" can cause you Large Headaches. When firms get hit with a discovery, that means electronic too; they can come in and pick your whole e-mail system apart.
You can also get info on storing data from secure services that encrypt, store, and have secure clients and e-mail. They deal with people like law firms and R+D people. They generally are not ISPs, but their services are on the net; browse around for them.
Ftp, tftp, telnet are dead, learn secure shell.. sorry, I am going off on a tangent here. That's my 2 cents, one screwdriver turner to another,
....Protect yourself.
Later.......
 

skyking

Two more cents:
The small law firm I have had network dealings with was a veritable hotbed of viri, and it seemed the common thing at many law firms.
If you are going to be responsible for any support, I'd make strong recommendations for antivirus protection, and plan on protecting the server also.
 

calvink

Thanks for your help guys. I'm going to recommend Norton Corporate Edition to them for antivirus. I thought the firewall goes before the router, please correct me if I'm wrong. But BuzzardBait1177 got me scared. Not using FTP, etc... using secure shells, where would I find this type of information? And how would I encrypt / create secure email logins?
 

Fuzznuts

Originally posted by: calvink
Thanks for your help guys. I'm going to recommend Norton Corporate Edition to them for antivirus. I thought the firewall goes before the router, please correct me if I'm wrong. But BuzzardBait1177 got me scared. Not using FTP, etc... using secure shells, where would I find this type of information? And how would I encrypt / create secure email logins?

The firewall can go before a network router; it depends on the firewall. Usually the less specialized ones can't act as routers, so you will need to put it in before the router. You can create secure pop3 by using pop3s in linux; not sure how to do it in Exchange. Personally I wouldn't allow pop3 connections into the LAN; I would set up some form of secure webmail if remote users need in. I believe SquirrelMail does SSL.

SSH is well documented. Again a linux thing; it can be found for Windows but it's not quite so widespread. If you have a linux box then just do a man sshd; 99% of all distros have it in as default. As for not using ftp, it's like anything: if it's properly set up there is no reason not to use it. Just don't use the same user/pass as you do on the LAN, and make sure you keep very tight permissions. Proftp is a very powerful ftp, amazingly controllable. There is vsftp, which is an encrypted ftp, but I have never worked with it so can't really shine any light. :(

Hope this gives you some ideas
 

Xuttah

Many good recommendations here. My .02:

1. Buy an entry-level SonicWall or NetScreen 5XP.
-Both are *stateful* firewalls (superior to just packet filtering)
-Both can easily handle connectivity from DSL/Cable providers.
-Both can serve DHCP addresses to the internal network
-Both have excellent VPN capabilities
-Both are easily configurable via GUI interfaces (NetScreen's is nice, IMHO)
-Don't know about SonicWall's entry-level features, but NetScreen's 5XP uses the same code and feature-set as their Enterprise-level 500's (only a smaller package)
-I think the SonicWall has more overall features, such as virus protection/URL filtering. If the office is using Norton, this may not matter.

2. If you go with either option in #1, just buy a switch to connect your internal devices and you're done. No need for separate router (unless you plan on setting up vlans and segmenting the internal network for various purposes). But I'm guessing that this size law firm doesn't require that level of traffic separation.

HTH and Good Luck!
 

Nothinman

Originally posted by: Fuzznuts
There is vsftp, which is an encrypted ftp, but I have never worked with it so can't really shine any light.

vsftp is NOT encrypted. If it was it wouldn't be an ftp daemon; FTP itself doesn't allow for encryption. You need to run ssh/sftp if you want encryption, or run FTP encapsulated in a VPN.

Originally posted by: Fuzznuts
As for not using ftp, it's like anything: if it's properly set up there is no reason not to use it.

The reason not to use it is that everything (passwords and data) is sent in clear text. Anyone with a net connection between the server and the client can capture the username and password or the data being transferred. If you have sensitive data, DO NOT use FTP.
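
Added illustration, not part of any post in this thread: a small audit script that scans reassembled client-to-server TCP streams for the plain-ASCII USER/PASS login lines that FTP and POP3 send, the exposure described in the post above. The sample streams, account names and passwords are constructed, and the function names are hypothetical.

```python
import re

# FTP (RFC 959) and POP3 (RFC 1939) both log in with plain-ASCII
# "USER <name>" and "PASS <password>" lines on the wire.
CLEARTEXT_PORTS = {21: "ftp", 110: "pop3"}
LOGIN_LINE = re.compile(rb"^(USER|PASS)[ \t]+(.+)$", re.IGNORECASE)

# Constructed sample input: (destination port, client->server bytes).
SAMPLE_STREAMS = [
    (21, b"USER jsmith\r\nPASS Winter2003!\r\nTYPE I\r\n"
         b"RETR client_brief.doc\r\nQUIT\r\n"),
    (110, b"USER partner1\r\nPASS hunter2\r\nSTAT\r\nQUIT\r\n"),
    # SSH: a version banner, then binary packets with nothing to match.
    (22, b"SSH-2.0-OpenSSH_3.5p1\r\n"
         + bytes([0, 0, 2, 0x1C, 9, 0x14, 0x8F, 0x3E, 0xA1, 0x55, 0xC2, 7])),
]


def audit_stream(dst_port, payload):
    """Return one finding per USER/PASS pair seen in a client stream."""
    proto = CLEARTEXT_PORTS.get(dst_port, "tcp/%d" % dst_port)
    user, findings = None, []
    for raw in payload.split(b"\n"):
        m = LOGIN_LINE.match(raw.rstrip(b"\r"))
        if not m:
            continue
        verb = m.group(1).upper()
        value = m.group(2).decode("ascii", "replace")
        if verb == b"USER":
            user = value
        elif user is not None:
            # Report only the password length so the audit log itself
            # does not become a second copy of the secret.
            findings.append({"proto": proto, "user": user,
                             "password_chars": len(value)})
            user = None
    return findings


def audit_capture(streams):
    """Flatten the findings for every (port, payload) stream."""
    return [f for port, data in streams for f in audit_stream(port, data)]


if __name__ == "__main__":
    for finding in audit_capture(SAMPLE_STREAMS):
        print("cleartext login exposed:", finding)
```
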
 

Fuzznuts

Originally posted by: Nothinman
The reason not to use it is that everything (passwords and data) is sent in clear text. Anyone with a net connection between the server and the client can capture the username and password or the data being transferred. If you have sensitive data, DO NOT use FTP.

Depends on what's being sent and received, I s'pose. As for vsftp, I stand corrected; as I said, I've never used it :( I guess the only safe option is a VPN using 3DES and a man with a gun standing next to the router screaming at the packets to watch what they are doing as they pass through. Hmm, wonder if they would hear from inside their tunnel :)
 

calvink

k, I think I'll go with the ftp'n through a VPN tunnel for the firm. For the most part they're doing everything local. So I don't think they need a secure ftp, 'cause it's pretty dangerous to have an ftp inside the LAN.