Hardware vs Software Firewall

Status
Not open for further replies.

Mr20

MIS
Aug 22, 2003
35
US
I currently work for a very small company that is using a LINKSYS Etherfast Cable/DSL Firewall Router. The router uses NAT (Network Address Translation) to protect against internet intruders. Is this secure enough? Or should we be using some type of software firewall like Multipoint or Norton? I would really appreciate any advice or information that anyone can provide. We are also operating on a tight budget, so any economical solutions would be helpful.

Thanks in advance.
 
> Is this secure enough?

Probably. Depends on how the firewall is set up.

Do an external port scan.
or

> or should we be using some type of software firewall like Multipoint or Norton?

Don't bother. Hardware/Unix or Linux are always the way to go with firewalls. Software firewalls can be used for secondary protection but in this case aren't worth it.
 
I'm not talking about a standard Linux distro, I mean tailored firewall solutions - Gnatbox, Freesco, IPCop, or Smoothwall.

 
Your Linksys box isn't secure enough. It blocks most traffic on the outside but doesn't do squat for outbound traffic. Been a while since I used Linksys but I think it can actually work hand in hand with lockdown.
If you're looking for cheap, the software firewall is the way to go but a decent hardware firewall is even better. Well worth the investment. Ashpp has mentioned some good solutions.

~ K.I.S.S - Don't make it any more complex than it has to be ~
 
A hardware solution is usually best, and the most expensive. A Nokia appliance running Checkpoint, or something in that category.

You can go with some of the broadband routers with a built-in firewall: Linksys [I have one on the outside], Cisco [1700 series with the firewall option or something similar], D-Link, 3Com, SMC, etc.

Then there are software firewalls on a dedicated box. Microsoft's ISA [I use this as the inside firewall, mainly because I also get the web cache], Norton's [formerly Axent] Raptor, Checkpoint again, etc.

Whatever you do, it should be a standalone server/device. When you put firewall software on an application server, you generally end up opening too many ports or otherwise loosening security just so the application will continue to run.

If you're an SBS user, you may consider a broadband router with firewall on the outside, and ISA on the inside. With ISA, you also get the web cache which helps reduce traffic. You can find more information on ISA at
Linux is not a panacea. It's currently the buggiest OS on earth. A few vendors have taken the kernel and "stabilized" it. HP, with HP-UX, is one I can think of. At that point it's no longer Linux, and the price reflects that fact.

SCO, one of the remnants of Novell, is currently suing IBM for taking parts of its code and incorporating it into Linux. Apparently, they feel they can prove it and have a good case. The potential financial liability for whinex users is staggering. If you have to use a Unix variant I'd recommend one with an untarnished pedigree, FreeBSD or OpenBSD, to avoid potential liability.

John
MOSMWNMTK
 
If you're looking at hardware firewalls, I've been recommending and installing "snapgear" firewalls lately. The sme550 costs about $550 Canadian and carries some awesome bang for the buck, and it's stateful. Has a Linux kernel, set it and forget it. Has the "block all traffic but allow these ports" feature. It's worth the look.

~ K.I.S.S - Don't make it any more complex than it has to be ~
 
Thanks for the information guys. Your comments are really appreciated.

The company that I work for only has about 10 client workstations, including the server and printers. They already had the Linksys firewall router installed before I started working there and my boss wants to install Norton Internet Security software on the server. I thought that the Linksys would be enough since it is such a small network.

I plan on checking the configuration of the router/firewall. I don't have much experience with firewalls, so any assistance would be appreciated.

The overall goal is to keep external people out. There will be no limits internally.

Thanks
 