too many firewalls?

Yes. It will alert you after you have been buggered, and give you reason to examine what is going on.

Smoothwall will allow anything out that wants out if you leave it in the default config. It is better than relying on a PFW though. Play with it.

Re: all this thread... funny... here's me thinking that security was about the intelligent application of *layers* of security.

PFW's can be a very useful part of an overall security strategy. Their main purpose is to stop inbound connections and to alert you when an app tries to talk. If you are in the situation where malware can get to your desktop in the first place then there is something seriously wrong with how your defences are layered.

Most touted hardware firewalls allow everything out by default. This includes almost every NAT based widget on the market, Smoothwall, IPCop and other Linux based firewalls.

Smoothwall, IPCop, Linux based and 'real' firewalls will allow you to create unlimited outbound rules, block sites, filter content, reduce DoS attacks (in theory), check the contents of packets etc., whereas NAT based and PFWs usually don't. NAT boxes often have bugger all memory and will only allow you to create 10-15 outbound rules. I'm yet to see one that has an implicit Deny any any/Deny all rule for outbound either.

Just my $0.02 E.

P.S. ZoneAlarm can stop most email borne malware as it can be configured to rename attachments (.vbs, .exe, .scr, .pif, etc.).


My 1/50 of a buck fwiw:

A software firewall is better than nothing at all. If all you have is a NAT-ing router, continue to use your software fw.

A dedicated firewall is definitely a preferable option. While I think SmoothWall is a fine choice, I think a better choice would be a very minimal install of your favorite flavor of Linux: no X Windows, no web server, no DNS server, etc. Just basic Linux with netfilter (iptables), routing and a couple of NICs. There are plenty of good books/websites with all the info you would need to craft an iptables script that will effectively control and log your internet traffic in BOTH directions, or if you can't quite grasp the syntax, there are plenty of people (including myself) that would be willing to throw together such a script, which you could modify for your specific environment.

As for AntiVirus protection, I'm not familiar with ZA's AV features, but whatever you choose to use, update your virus signature files frequently (i.e. daily!). At the corporate level, we are using McAfee's 8.0i product, which offers an improving level of application intelligence; it can prevent and/or alert you to various types of egress traffic as well as perform some port filtering at the workstation level. I'm not sure if this feature-set has found its way into their consumer-level product line yet, but it certainly will. I'll stress again: whatever AV solution you use, UPDATE DAILY!

Best of luck,

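The post above describes a two-NIC Linux box running netfilter with an iptables script that controls and logs traffic in both directions. The script below is an added example written for this thread, not one of the posters' own scripts: it sets an implicit deny-all policy in every chain (the behaviour E. says NAT boxes lack), opens only a short allow list outbound from the LAN, masquerades the LAN, and logs whatever falls through to the DROP policy so blocked outbound attempts show up in syslog. The interface names (eth0/eth1), the LAN range and the allowed port list (DNS, HTTP, HTTPS) are assumptions to be adjusted for your own environment.

```shell
#!/bin/sh
# Added example for this thread (not a poster's script): a minimal
# default-deny iptables policy for a two-NIC Linux firewall, with egress
# filtering and logging of dropped packets in both directions.
#
#   sh firewall.sh dry-run   -> print the rules that would be applied
#   sudo sh firewall.sh apply -> apply them (needs root, iptables, 2 NICs)

WAN_IF="${WAN_IF:-eth0}"                 # assumption: NIC facing the ISP
LAN_IF="${LAN_IF:-eth1}"                 # assumption: NIC facing the LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"     # assumption: private LAN range
ALLOWED_TCP="${ALLOWED_TCP:-53 80 443}"  # assumed outbound allow list (TCP)
ALLOWED_UDP="${ALLOWED_UDP:-53}"         # assumed outbound allow list (UDP)

# In dry-run mode every rule is printed instead of executed, so the
# policy can be reviewed (or tested) without touching the kernel.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

build_firewall() {
    # Clean slate, then an implicit "deny any any" in every chain.
    ipt -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP

    # Loopback and replies to flows we already allowed are always fine.
    ipt -A INPUT  -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Egress: only the listed services may start a new flow LAN -> WAN.
    for p in $ALLOWED_TCP; do
        ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
            -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    for p in $ALLOWED_UDP; do
        ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
            -p udp --dport "$p" -m state --state NEW -j ACCEPT
    done

    # Hide the LAN behind the firewall's WAN address.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

    # Log (rate-limited) anything about to hit the DROP policy, in every
    # direction, so a LAN host trying to "phone home" is visible in syslog.
    ipt -A INPUT   -m limit --limit 5/min -j LOG --log-prefix "FW-IN-DROP: "
    ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FWD-DROP: "
    ipt -A OUTPUT  -m limit --limit 5/min -j LOG --log-prefix "FW-OUT-DROP: "
}

# Review helper: number of rules that open a NEW outbound flow. It should
# equal the number of allowed ports and nothing else.
count_egress_allows() {
    DRY_RUN=1 build_firewall | grep -c -- '--state NEW -j ACCEPT'
}

case "${1:-}" in
    apply)   build_firewall ;;
    dry-run) DRY_RUN=1 build_firewall ;;
esac
```

The box also needs `net.ipv4.ip_forward=1` set with sysctl before it will route at all; that is deliberately left outside the rule script so the policy can be reviewed on any machine. Because the LOG rules sit last in each chain, every packet that reaches them is one the DROP policy is about to discard, which is exactly the "alert you when an app tries to talk" behaviour the PFW discussion above wants, only enforced off the desktop.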

E wrote: ...only allow you to create 10-15 outbound rules. I'm yet to see one that has an implicit Deny any any/Deny all rule for outbound either.

E:

Netgear RT314 "NAT-router" supports packet filtering rules on both LAN and WAN ports for control of both egress and ingress via protocol, destination address/port, and source address/port (I use it to block some address spoofing).

Also, the RT314 supports logging.

CZ

Not true, most home users firewalls in your example might do that, but most business class firewalls don't. My WatchGuard appliances only allow DNS, HTTP, and HTTPS (if I remember correctly) outbound from the trusted network, and not from the DMZ, if you install them in routed mode. By default, without any user configuration, they won't pass traffic in any direction at all.

Most of the NAT boxes I've seen allow a "Private" IP and a "Private" Port range definition - with these you can specify IP or PORT ranges that can't leave the local network, but they are often limited to 10 or less ranges in the configuration - you could specify 0-65535 in one range if you wanted.

Leythos

I shoulda highlighted 'touted'. I was referring to wee boxen calling themselves firewalls, not WatchGuards, PIXes, Nortels, etc. E.


How many rules can you add to each interface?

Make sure you export it to a syslog server. On some Netgear models the logging overwrites all the available RAM, causing dropouts, e.g. the DG632. E.


Fine, so what about getting some clue? Rates upon request.

Wolfgang


E wrote: How many rules can you add to each interface?

E:

Four. You can set up 12 rules, and apply 4 max to an interface.

CZ

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.