New Firewall

Presently I'm using a Netgear FVS 318 VPN router as a firewall. Is this adequate protection? If not, how are these penetrated?

Thanks,

Steve

Reply to
Steve

A non-default subnet like 255.255.248.0 and not 255.255.255.0? A strong password on the device or internally on all the computers? And what would you suggest as a replacement for a 10 person network with only internet access, no webserver?

Reply to
Steve

"Steve" wrote in news:qI10e.49$ snipped-for-privacy@news.uswest.net:

Hi. Make sure you also run a local software firewall on your machines/clients. Naturally, update the firmware of your NAT to the latest one if it's available.

Reply to
Darko Gavrilovic

It's a NAT router with additional features. A nice unit, but still just a NAT router. It's compromised by the same means that NAT Routers are compromised.

If you don't forward anything inbound, block standard MS file sharing ports outbound, don't set up the VPN improperly, and use a non-default subnet and a strong password (12+ characters), you are as safe as you can get with that type of device.

Reply to
Leythos

No, I was thinking of something other than 192.168.0.0/24 or 192.168.1.0/24, more like using 192.168.10.0/24. Also, there is little that a home user or small office could use that would do better for the same price range. I personally like the WatchGuard SOHO 6tc units, but I'm very partial to WatchGuard. I've set up lots of D-Link DI-804HV units and they have yet to be compromised, but I never mistake these types of units for Firewalls.

Reply to
Leythos

"Steve" wrote in news:ur30e.9$ snipped-for-privacy@news.uswest.net:

I run with a WG SOHO 6 with two IIS Web servers, sometimes three, not exposed to the Internet and two SQL Servers, sometimes three, not exposed either. And a Linux machine with Apache not exposed. All machines are used for program development purposes and day to day life on the Internet. Nothing has come past the WG.

Whatever you do, get something to review the logs.

Also, get a FW appliance if that's where you're headed that meets the specs for (what does a FW do?). WG is not the only one but I have not had any problems since I have had it. On the other hand, they came past the NAT router like a hot knife through butter. However, BlackIce that was running on the machines at the time stopped the attacks on SQL server. I don't use BI to supplement like I did with the NAT router anymore.

Duane :)

Reply to
Duane Arnold

I like 10.0.0.0/8 inside - nice and sparse :-)

Reply to
Triffid
