What would you recommend for a firewall? For SOHO, would a router doing NAT be enough?

mcveigh (Diamond Member, joined Dec 20, 2000)
At home I just have my SMC router doing NAT. A friend is asking what he should have for his office. I looked at his setup and saw, to my horror, that he has a cable modem and gets 8 IP addresses via DHCP from his cable company; at least most of them had BlackICE on them!

Anyway, would a simple router be enough? I know I could set up a Linux or BSD box to do it, but would prefer something simpler. Are there any Internet appliances you would recommend? I've seen some of those "firewalls in a box"; are they any good?

Thanks,

Seth
 

fendel (Member, joined Jan 24, 2000)
I have a small network at home hooked up to a Linksys router. I assumed it was enough, until one day I was shutting down and a dialog box popped up to warn me that if I shut down, "USER: \\GIORDI" or something along those lines would be disconnected.

:Q

Needless to say, I shut down. Fast.

Right after that I installed ZoneAlarm, and I now get dozens to hundreds of alerts a day, some from addresses within my cable company's block of IPs, some from random places in Asia. Are they hitting my router and ZoneAlarm picks it up, or are they reaching my PC? Beats me...

So my answer is: I dunno, but I'd be interested in seeing what other people say.
 

Challenger (Diamond Member, joined Jan 29, 2001)
I just hooked up a Linksys router, model BEFSR42 V.2. I've had ZoneAlarm for a few years now, and since I hooked up the router I haven't gotten a single alert with ZA, compared to 25 to 50 a day before.
 

BreakApart (Golden Member, joined Nov 15, 2000)
Some of the newer SOHO routers have "firewalls" built in, whereas the older ones simply used NAT.
Here is a link you may find helpful. Practically Networked has lots of great router/proxy/firewall info...



If he has nothing, then NAT would be a smart quick fix right now...

But in the long run, he may want to run something more secure than NAT.
Another solution would be the combination of a NAT router and a proxy server for all user Internet access. Double protection, plus the proxy will/should have full logging ability...


Regardless of what solution they use, anti-virus and user training will also be required.
All it takes is (1) person to download a trojan program and it will open a path through the router regardless of what they have.


Example: fendel's situation sounds more like he downloaded a trojan into his system. Happens a lot these days...

Good Luck
 

mcveigh (Diamond Member, joined Dec 20, 2000)


<<

Regardless of what solution they use, anti-virus and user training will also be required.
All it takes is (1) person to download a trojan program and it will open a path through the router regardless of what they have.


Example: fendel's situation sounds more like he downloaded a trojan into his system. Happens a lot these days...

Good Luck
>>



Thanks, I didn't think of that. I would really prefer a little box of some type instead of a whole PC running BSD. I want logging, but not necessarily stateful inspection.
 

fendel (Member, joined Jan 24, 2000)
Actually, after the "Giordi" episode I ran The Cleaner, and found no trojans; I formatted my C drive and installed Windows XP.... and I'm still getting ZA alerts. (And before anyone asks: yes, I changed the admin password on my router...)

Weird. FWIW, both boxes on our little network get alerts. Maybe I better check my router settings.
 

Vraxx (Member, joined Jul 26, 2001)
OK, although one thing is that using a NAT firewall sort of negates one aspect of his cable modem service. If he's already footing the bill to get 8 IPs, using the NAT router basically leaves the 7 other IPs unused. I agree that the company should probably invest in at least a software-based firewall to run on the clients. If nothing else, I'd consider using the NAT box to splinter off machines that don't need direct access, then place any servers that must be publicly accessible directly on the hub --> cable modem (so that they are DHCP-assigned from there).

If they don't have any large servers then they might as well just look at running everything behind the NAT box.

Just my $.02


 

mcveigh (Diamond Member, joined Dec 20, 2000)
He's got BlackICE on at least some computers, I know. But all PCs need access to the net. I'm really looking at the SonicWall; seems like it might fit the ticket.
 

LordOfAll (Senior member, joined Nov 24, 1999)
I would use SonicWalls. They have a lot more professional options that you don't find in the less expensive boxes.
 

jose (Platinum Member, joined Oct 11, 1999)
I currently use the Linksys router/firewall. I don't enable the DMZ feature.

I have Win98 and W2K workstations & SCO Unix and Linux servers with most services running.

I scanned from the outside using nmap & it reported all ports closed. Since then I've changed to a dynamic IP to increase my security.

I had ZoneAlarm running, but nothing would show up since I went with the Linksys router. Previously I had many scans on a multitude of ports, i.e. NetBIOS.

Now of course the router can be hit with a DoS, but that would only shut down my Internet access.

If you had a Linux box acting as your router, you could use a proxy & use the firewall (ipchains/iptables) to detect & keep track of where attacks are coming from. Can't do that with the Linksys router, but then again I don't have to keep a computer running 24/7.

Jose
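What jose describes (a Linux NAT router whose iptables rules log where attacks come from) and what BreakApart warns about (a trojan on one PC opening a path out through the router) can both be shown with one script. This is an added example for this thread, not code posted by anyone in it: it builds the iptables rule set and then summarizes the kernel's LOG output. Assumed names, not from the thread: eth0 is the cable-modem (WAN) side, eth1 the LAN side, 192.168.1.0/24 the LAN, and 'IPT-DROP: ' the log prefix. The syslog excerpt is constructed to match the LOG target's format, not a real capture.

```python
"""iptables NAT router with logging, plus a parser for the logged drops.

Added example, not from the thread. Assumptions: eth0 = WAN (cable modem),
eth1 = LAN, 192.168.1.0/24 = LAN, log prefix 'IPT-DROP: '. Sample log lines
below are constructed in the LOG target's format, not a real capture.
"""
import re
from collections import Counter, defaultdict


def nat_firewall_rules(wan="eth0", lan="eth1", lan_net="192.168.1.0/24",
                       allowed_out_tcp_ports=None):
    """Return iptables commands for a default-deny NAT router.

    Inbound from the WAN is dropped and logged (rate-limited so a scan cannot
    fill the disk). Outbound from the LAN is allowed wholesale, or, when
    allowed_out_tcp_ports is given, only to those TCP ports plus DNS; anything
    else a LAN host tries to reach is logged and dropped, which is what
    catches a trojan calling home.
    """
    log = "-m limit --limit 5/min -j LOG --log-prefix 'IPT-DROP: '"
    rules = [
        "iptables -P INPUT DROP",
        "iptables -P FORWARD DROP",
        "iptables -P OUTPUT ACCEPT",
        "iptables -A INPUT -i lo -j ACCEPT",
        f"iptables -A INPUT -i {lan} -s {lan_net} -j ACCEPT",
        "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
        "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    if allowed_out_tcp_ports is None:
        rules.append(f"iptables -A FORWARD -i {lan} -o {wan} -s {lan_net} -j ACCEPT")
    else:
        for port in allowed_out_tcp_ports:
            rules.append(f"iptables -A FORWARD -i {lan} -o {wan} -s {lan_net} "
                         f"-p tcp --dport {port} -j ACCEPT")
        rules.append(f"iptables -A FORWARD -i {lan} -o {wan} -s {lan_net} "
                     f"-p udp --dport 53 -j ACCEPT")
    rules += [
        f"iptables -t nat -A POSTROUTING -o {wan} -s {lan_net} -j MASQUERADE",
        f"iptables -A INPUT -i {wan} {log}",
        f"iptables -A FORWARD {log}",
    ]
    return rules


# Fields the LOG target writes; ICMP entries carry no SPT/DPT.
LOG_RE = re.compile(
    r"IPT-DROP: IN=(?P<iface>\S*) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?PROTO=(?P<proto>\S+)(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)


def parse_drops(lines):
    """Yield one dict per logged drop; other syslog lines are skipped."""
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            d = m.groupdict()
            d["dpt"] = int(d["dpt"]) if d["dpt"] else None
            yield d


def drops_by_source(lines):
    """Dropped packets per source address: who is knocking."""
    return Counter(d["src"] for d in parse_drops(lines))


def drops_by_port(lines):
    """Dropped packets per (proto, dest port); ICMP has no port."""
    return Counter((d["proto"], d["dpt"]) for d in parse_drops(lines) if d["dpt"])


def likely_scanners(lines, min_ports=3):
    """Sources that hit at least min_ports distinct ports: a port scan, as
    opposed to the stray NetBIOS traffic a cable segment is full of."""
    ports = defaultdict(set)
    for d in parse_drops(lines):
        if d["dpt"]:
            ports[d["src"]].add((d["proto"], d["dpt"]))
    return sorted(src for src, p in ports.items() if len(p) >= min_ports)


def egress_drops(lines, lan="eth1"):
    """Drops that arrived on the LAN interface: a LAN host trying to reach
    something the egress rules do not allow (BreakApart's trojan case)."""
    return [(d["src"], d["dst"], d["proto"], d["dpt"])
            for d in parse_drops(lines) if d["iface"] == lan]


# Constructed syslog excerpt (not a real capture); MAC field shortened.
SAMPLE_SYSLOG = """\
Aug 12 03:14:07 gw kernel: IPT-DROP: IN=eth0 OUT= MAC=00:50:ba:1f:2c:3d:00:10:a4:9b:cd:ef:08:00 SRC=24.0.1.17 DST=24.0.1.55 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=40333 DF PROTO=TCP SPT=2173 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 12 03:14:09 gw kernel: IPT-DROP: IN=eth0 OUT= MAC=00:50:ba:1f:2c:3d:00:10:a4:9b:cd:ef:08:00 SRC=24.0.1.17 DST=24.0.1.55 LEN=78 TOS=0x00 PREC=0x00 TTL=118 ID=40340 PROTO=UDP SPT=137 DPT=137 LEN=58
Aug 12 03:20:41 gw kernel: IPT-DROP: IN=eth0 OUT= MAC=00:50:ba:1f:2c:3d:00:10:a4:9b:cd:ef:08:00 SRC=202.96.0.9 DST=24.0.1.55 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=1 PROTO=TCP SPT=55010 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 12 03:20:41 gw kernel: IPT-DROP: IN=eth0 OUT= MAC=00:50:ba:1f:2c:3d:00:10:a4:9b:cd:ef:08:00 SRC=202.96.0.9 DST=24.0.1.55 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=1 PROTO=TCP SPT=55010 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 12 03:20:42 gw kernel: IPT-DROP: IN=eth0 OUT= MAC=00:50:ba:1f:2c:3d:00:10:a4:9b:cd:ef:08:00 SRC=202.96.0.9 DST=24.0.1.55 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=1 PROTO=TCP SPT=55010 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 12 03:20:42 gw kernel: IPT-DROP: IN=eth0 OUT= MAC=00:50:ba:1f:2c:3d:00:10:a4:9b:cd:ef:08:00 SRC=202.96.0.9 DST=24.0.1.55 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=1 PROTO=TCP SPT=55010 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 12 03:21:02 gw kernel: IPT-DROP: IN=eth0 OUT= MAC=00:50:ba:1f:2c:3d:00:10:a4:9b:cd:ef:08:00 SRC=24.0.2.200 DST=24.0.1.55 LEN=28 TOS=0x00 PREC=0x00 TTL=128 ID=512 PROTO=ICMP TYPE=8 CODE=0 ID=256 SEQ=1
Aug 12 03:30:15 gw kernel: IPT-DROP: IN=eth1 OUT=eth0 MAC=00:50:ba:1f:2c:3e:00:a0:c9:12:34:56:08:00 SRC=192.168.1.12 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2201 DF PROTO=TCP SPT=1100 DPT=6667 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 12 03:25:00 gw sshd[412]: Accepted password for seth from 192.168.1.10 port 1043
"""

if __name__ == "__main__":
    lines = SAMPLE_SYSLOG.splitlines()
    print("by source:", drops_by_source(lines).most_common())
    print("by port:", drops_by_port(lines).most_common())
    print("scanners:", likely_scanners(lines))
    print("LAN hosts blocked on the way out:", egress_drops(lines))
```

Run against the constructed sample, 202.96.0.9 shows up as the only scanner (four distinct ports in one second), the two 24.0.x hits on 139/137 are the usual NetBIOS noise from the cable segment that fendel's ZoneAlarm was reporting, and the eth1 entry is a LAN machine trying to reach port 6667 on an outside host, which only gets logged when nat_firewall_rules() is called with allowed_out_tcp_ports set; with the default allow-all outbound rule a trojan's outbound connection is passed silently, which is BreakApart's point.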
 

mcveigh (Diamond Member, joined Dec 20, 2000)
Jose, that's the reason I want to try and avoid keeping another computer running, although it might be cheaper.
I'm definitely looking at the SonicWall but would like to find something cheaper if possible.
 

LordOfAll (Senior member, joined Nov 24, 1999)
Netgear has a router that is based on SonicWall technology for a cheaper price. They are not the same, and SonicWall has more features, but you may want to look into it.

Model FR314

Edit: got model # wrong, fixed now
 

LordOfAll (Senior member, joined Nov 24, 1999)
Actually, I just checked on Practically Networked's site and it appears a lot of people are having problems with the SOHO2 that they didn't have with a SOHO (the model I have experience with), and are complaining that SonicWall's tech support sucks. Use caution. Might want to check out the Netgear RO318 or a Nexland product.