Smoothwall vs Netgear router

Hi, looking for some advice please.

I have a small home network (Linux and Windows) connected to NTL cable through a PC running Smoothwall. This works great but the Smoothwall hardware is becoming unreliable and I need to think about a replacement. Also, I would like to add wireless to my network. Options I am considering are:

  1. Build a replacement Smoothwall to replace the existing one and put a wireless access point on the network.

  2. Replace the Smoothwall with a wireless router. The Netgear WGT624 has been recommended to me but I'm open to suggestions.

The question I have is about the firewall capabilities of the Netgear (or similar) compared with Smoothwall. Would my network be as secure with the Netgear as with the Smoothwall? I only occasionally open up ports on the Smoothwall, the rest of the time it runs "as supplied". To be safe from the outside world with the Netgear, would I need firewalls on the machines on my network?

Thanks in advance.

Dave

The AP will be in the trusted zone so other machines can be hacked wire or wireless.

If the router is ICSA certified, then you may want to get it. If it's not then you may not want to get it. Most wireless routers for home usage I have seen are not ICSA certified.

If the router is ICSA certified, then it should be a FW router that should be able to do everything that Smoothwall can do with the Smoothwall being a host based FW solution and the FW router being a standalone appliance solution, in regards to them both being network/Internet FW solutions.

As someone can hack the wireless on the LAN and join your wireless network standalone WAP or wireless router and be all over the top of your machine wired or wireless, you may need to better secure or harden the O/S(s) to attack or put a PFW on them only allowing traffic between specified LAN IP(s).

Netgear has ICSA certified wire routers and some others make them too. That with a standalone WAP connected to the router is a choice.

At the min., the first link indicates what a host based or appliance solution such as a packet filtering FW router or FW appliance should meet in the specifications of a network FW.

You should get something that has a syslog, so that Wallwatcher or Kiwi Syslog Daemon can be used to watch traffic to/from possible dubious remote WAN IP(s).

Duane :)

Duane Arnold

Agreed that is a possibility. I'd be using an AP with WEP and WPA security and MAC address authentication. Being new to this I assumed it would be secure. Are you saying it would not be good enough?

I can't see anything to say it is ICSA certified.

OK, I can see that this is an option but I don't quite understand. Would the WAP be on my internal network? If so, presumably that still leaves my network open to someone who hacks the wireless? Or are you saying that the WAP would be outside of my network. Sorry if I'm being a bit stupid here.

All good information. Many thanks.

Dave

For the next door neighbor that doesn't know anything, I would say yes. For the hacker with some expertise, I would say no.

Most wireless NAT routers are not ICSA certified.

Yes

True

No, the WAP would be in the trusted zone on the LAN.

All I am saying here is just be aware of the wireless issues.

You should use Google and look up War Driving if you don't know what it means.

Duane :)

Duane Arnold
