12 pc network in need of a good firewall

Casey pounded out on the keyboard on or about 23-Dec-04 14:07:

If this is a home or small office with a cable or DSL connection, a cable/DSL router should work just fine and not require any major configuring to get it up and running. If he has a more business-type connection, like a 56K or T1, a more robust firewall would be best to get. There are different types out there and he would need to find out which would be best for him.

There are routers, which would be considered a "hardware firewall", where configuration would be opening ports but no real logging or restrictions that could be applied. There are firewall-hardened hardware/routers, such as the Cisco PIX Firewall or CheckPoint's Firewall-1 running on a Nokia IP router. These are probably the best choice for security as they run on the router's proprietary OS, so there is not a lot of possibility of hacks or need to be continually patched for that reason. Then there are OS-based standalone firewalls that have a known stripped-down OS with the firewall application running on it. Smoothwall is an example of this, as it uses a Linux kernel as its underlying operating system. Then, of course, there is the desktop firewall software that runs on the OS and protects individual systems. These would be like ZoneAlarm, Sygate, Kerio, et al. They all are good and each person has their favorite.

Your friend should look into one of the stronger firewalls if this is a small office. Cisco, CheckPoint and others like them all have a wide range of sizes that they can certainly fit him into. As for the interception of emails, I'm not really sure how he can stop that. This may be something that he'd have to talk with his provider about and work with them to work it out. This was a lot, and if you need more info just ask. Good luck!


Reply to
Jeff Lord

Get it behind a NAT router. I'll guess he's running them on a hub or switch with each machine having a public IP address.

Change all the passwords for the POP3 email accounts

Windows updates on all machines

Quality antivirus on all machines, that's current and fully updated. Scan all machines.

Download, install, update, and scan with several malware removal tools, such as AdAware and Spybot Search and Destroy.

If there is a router, make sure no computers are in the DMZ, or any with unsafe ports forwarded. If any remote access software, make sure it's locked down well. Same goes for the PCs... don't leave them with the Administrator account having a blank password.

Reply to

Try Sygate v5.5


Reply to

Heheheh, proprietary OS, ever looked under the hood of a Cisco PIX or Nokia box?

Reply to
Mark S

andi lam wrote:

brain 1.0 clue 2.4 knowledge 3.8 beta5


Reply to
Wolfgang Kueter


Lately I have come across a friend who tells me that his network has been hacked and emails have been intercepted by outside competition. Can anyone recommend a good firewall and security package?

Thanks in advance


Reply to
andi lam

Mark S pounded out on the keyboard on or about 23-Dec-04 22:02:

Okay, let's put it this way:

Hardware firewall - runs on some type of networking-specific hardware. And we all know that for any hardware to run it needs some kind of software. Networking hardware has its own OS, which is a variation of something, that usually being UNIX. (And I didn't say Linux, BSD, et al.) This is a stripped-down OS which will run on that vendor's hardware ONLY. Thus, you can't mix or match Cisco/Nokia/Nortel/Netgear/Linksys OS with other companies' hardware. So, it is a proprietary OS. With these OSes you can do very rudimentary "rules" that will allow and disallow certain traffic to pass through. Very limited.

So, if you run a firewall software that is OEM'd for that specific router, then it is running on a proprietary OS.

So yes, I've looked under the hood of those and many more.

Reply to
Jeff Lord

Use a dedicated firewall; for 12 PCs the appliance needed depends on the bandwidth. Centrally managed antivirus. Crypto for the e-mails; PGP is one good choice.

In case he communicates with "default" clients, direct all traffic over VPN or use a dedicated solution for inner-communications.


Reply to
George Pantazis

I'll give you a HARDWARE firewall. Boot from a USB Linux distro which has only /temp mounted on a RAM drive and the device is SWITCH WRITE PROTECTED. Now go on and buy from Cisco......

Reply to

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.