Firewall for small business environment

I need to get a firewall for a business using a small (very small) network using an NT4 server for file and printer sharing. They recently got broadband internet service using a D-Link DI-604 router (provided by the dish-network ISP). I believe the router has some firewall capabilities, and does have a setting for additional (I'm guessing) firewall filtering. I'm thinking of putting software firewalls on the client computers (three) and would the server also need one? Any thoughts or suggestions greatly appreciated. TIA.

Patty

Reply to
Patty

Thanks Duane. I will look at the webpage you suggested. I believe the server is using NTFS already. I'm not sure how to lock down the registry. I am fairly new at working with an NT server; I have done much with simple file and printer sharing (peer-to-peer type) home networking, but this is my first foray into a dedicated NT server network.

Thanks again for your suggestions.

Patty

Reply to
Patty

Patty wrote in news:p3h95kjxoluq.osrnhulee32u$. snipped-for-privacy@40tude.net:

You should have them get a low-end WatchGuard SOHO 6 Firebox or some similar FW appliance like Sonicwall, Snapgear, etc., etc., to replace the D-Link NAT router; then you will not need to supplement the NAT router (with no FW) with any host-based FW solution running on a machine. That D-Link NAT router is just that, a NAT router with FW-like features, but it is not a real FW. On the other hand, the D-Link is most likely good enough for a small LAN situation and high-risk things are not being done like port forwarding on the router.

And you can supplement the NAT router with a PFW solution on the workstations. As for the NT4 server, you should try to harden the O/S to attack by shutting down unneeded services on the machine and other things like locking down the registry, using NTFS, etc., etc. You should consider not installing host-based FW software on the server as it would be sucking up needed resources.

The link should also help you in your FW selection process.

formatting link

Duane :)

Reply to
Duane Arnold

Hi Patty,

You may wish to investigate the Cisco Solution Designer:

formatting link

Sincerely,

Brad Reese BradReese.Com Cisco Resource Center Toll Free: 877-549-2680 International: 828-277-7272 Website:

formatting link

Reply to
BradReeseCom

Since this is NOT an ALT or BIZ group, do you really feel that it's appropriate to SELL your products in here?

Like another poster always suggesting Zywall units from home company website, posting a sales message in response to a request for information, when you have a vested interest in the sale/product makes your recommendation suspect. It's almost like a spam.

If you were to suggest three (or some number) products and include your vested interest product, it would not be as bad, but you should limit your information on the sale of products to ALT and BIZ groups.

Reply to
Leythos

In article , Leythos wrote:
:On Sat, 16 Apr 2005 18:10:22 -0700, BradReeseCom wrote:
:> BradReese.Com Cisco Resource Center

:Since this is NOT an ALT or BIZ group, do you really feel that it's
:appropriate to SELL your products in here?

:Like another poster always suggesting Zywall units from home company
:website, posting a sales message in response to a request for information,
:when you have a vested interest in the sale/product makes your
:recommendation suspect. It's almost like a spam.

Leythos, Brad's link was to

formatting link
which is a site registered to Cisco:

$ whois -h whois.networksolutions.com CISCOWEBTOOLS.COM

Domain Name: CISCOWEBTOOLS.COM

Administrative Contact: Reese, Chad snipped-for-privacy@cisco.com Cisco Systems 170 West Tasman Drive SJ-19/4 San Jose, CA 95008 US

Brad has no vested interest in ciscowebtools.com. The only thing he gets out of it is the possibility that someone might view his messages as being indicative of someone who is helpful and knows the product well and so is worth choosing over one of the other many dealers in the same product.

If Brad had posted the link without his company affiliation, he would have been open to accusations that he was making "stealth" suggestions without revealing his bias.

As to the notion that he should have recommended several possible manufacturers, I have several replies:

a) Brad's organization does deal with at least two different manufacturer's lines, and his link was to resources about the line that is more likely to be suitable to the OP (the other manufacturer's products tend to go into larger businesses)

b) "Write what you know" -- if Brad does not have the information (or time) to keep up with the details from several different manufacturers, then should he have been required to spend the time researching those others before posting mentioning one he does know?

c) Just a few days ago, you yourself posted a message in which you suggested only a single manufacturer for a particular application (Linksys). According to what you are writing here, you should have looked to have seen what other manufacturers' equivalents were and mentioned them in your posting.

d) By posting the security-related responses that you post, are you too not in a sense "selling" your skills and organization's services? Perhaps you do not mean it that way, but considering that Brad's posting content was to a third-party resource rather than to his own web site, do you know that he meant his message as a sales pitch instead of as just being helpful?

Reply to
Walter Roberson

If I was wrong, then I apologize to Brad and the group.

And since I've started seeing his posts, he's only suggested CISCO as the sole solution for everything he's recommended. That was the start of my opinion, and his sig.

But many of us, not tied to a vendor for compensation in some means, use multiple products for multiple solutions. No person, as a non-paid employee of a firewall vendor, can make a living with a single product solution path.

But you don't see Linksys or any of its companies represented in my Sig, and I make suggestions for other products all the time. Unlike single vendor solutions, I recommend many different products - Sonic, Netgear, D-Link, Linksys, WatchGuard, Netscream, Pix, CheckPoint.

I'm not selling anything to anyone here - if you follow my replies I try to keep people in the forum and NOT take it to email and I don't ever tell anyone how to reach my company email/site, not once in 20+ years of being on Usenet.

As for his intent, I can only assume the intent due to the postings of his that I've read - never seen one that suggests anything other than CISCO products, have you?

Brad, if you don't have a vested interest in selling/purchasing CISCO products, then I apologize for my posting and assumption.

It would be nice if you could clear this up so that we don't have a misconception of your link to CISCO products.

Reply to
Leythos

:> a) Brad's organization does deal with at least two different
:> manufacturer's lines, and his link was to resources about the line that
:> is more likely to be suitable to the OP (the other manufacturer's
:> products tend to go into larger businesses)

:And since I've started seeing his posts, he's only suggested CISCO as the
:sole solution for everything he's recommended. That was the start of my
:opinion, and his sig.

Solutions based on the other lines he deals with might not have been appropriate for anything he has happened to write about in your view.

:But many of us, not tied to a vendor for compensation in some means, use
:multiple products for multiple solutions. No person, as a non-paid
:employee of a firewall vendor, can make a living with a single product
:solution path.

Brad's company is, amongst other things, a Cisco VAR. He is also in the "asset recovery" field for higher end equipment. He does not work only with firewalls. The Cisco VAR business is certainly big enough that one could have a company that deals only with Cisco equipment; he also deals with some other lines.

:As for his intent, I can only assume the intent due to the postings of his
:that I've read - never seen one that suggests anything other than CISCO
:products, have you?

Yes -- and I've seen him do so right in comp.dcom.sys.cisco .

:Brad, if you don't have a vested interest in selling/purchasing CISCO
:products, then I apologize for my posting and assumption.

Your posting earlier implied that he was directing people to his company; instead he was suggesting that people might be interested in a particular manufacturer's products; and he included enough information in his signature to make it clear that his opinion might not be unbiased. Someone who works a lot with a particular manufacturer's equipment is more likely to know the scope of that equipment than a random passer-by.

Would Brad benefit if the poster followed up the link, liked what they saw there, and bought Cisco as a result? Yes -- but only in the "rising tide" sense that the more people that use Cisco equipment, the greater the number of people who are likely to want the services of his company. Is Brad a Cisco employee? Not as best I have been able to tell, but I am not privy to Cisco company records. Does Brad get paid by Cisco if someone decides to purchase Cisco equipment through his company instead of through a different dealer? Not as far as I know -- he gets a commission, which is different than being paid.

It is within the realm of possibility that Brad owns some Cisco stock and so benefits each time someone buys Cisco equipment even through a different dealer. I wouldn't know about that.

The first couple of times I saw messages from Brad, I too thought "spam", but as I saw more I realized that he directs people to Cisco's site more often than to his own, and when he does reference his site, in the large majority of cases it is for information or service that either is not otherwise publicly available or else would otherwise be notably more difficult to find directly.

I have no financial interest in Brad's company, or in Cisco. [I'm a government employee, not in private industry, and I've never bought stock in -anything- as I do not wish to be in conflict of interest. FWIW, one of the mutual funds I have invested in might not have completely sold its Nortel shares; I haven't looked at the prospectus for years.]

Reply to
Walter Roberson

This is certainly more than I wanted to know about someone posting in this NG. ;-)

How is it that you know so much about this person's business?

Duane :)

Reply to
Duane Arnold

In article , Duane Arnold wrote:
:This is certainly more than I wanted to know about someone posting in this
:NG. ;-)

:How is it that you know so much about this person's business?

I've been active in comp.dcom.sys.cisco for years. I contribute on the PIX side, and I pay attention to a fair range on the router side, hoping that some of it will sink in.

Reply to
Walter Roberson
