What would you recommend for a firewall? SOHO router doing NAT would be enough? [firewall soho] [smc router]
Q: At home I just got my SMC router does NAT. A friend asks what he should have his office, I looked at his setup and saw to my horror, he has a cable modem and get 8 ipaddress from DHCP from his cable company, at least most of them had black ice on them!
Anyway a simple router would be enough? I know Im a Linux or BSD box to do it, but would prefer something simpler. Intenet there are devices that you would recommend? Ive seen some of those “firewalls in a box” are they good?
Thanks,
Seth
FirewallPro – Full Online Protection
Re:Actually I just checked on practically networked's site and it appears a lot of people are having problems with the soho 2 that they didnt have with a soho (the model I have experience with), and are complaining that sonic walls tech support sucks. Use caustion. might want to check out the netgear RO318 or a nexland product.
Complete Guide To Making Money While You Sleep
Re:Netgear has a router that is based on sonic wall technology for a cheaper price. They are not the same and sonic wall has more features, but you may want to look into it.
model fr314
Edit: got model # wrong, fixed now
Win-Spy Monitoring Software.
Re:Jose, That's the reason I want to try and avoid keeping another computer running, although it might be cheaper.
I'm definately looking at the sonicwall but would like to find something cheaper if possible
Linux For Desktop PC And Notebook Computers
Re:I currently use the Linksys router/firewall. I don't enable the DMZ feature.
I have a win98, w2k workstations & SCO Unix , Linux Servers w/ most services running.
I scaned from the outside using nmap & it reported all ports closed. Since then I've changed
to a dynamic IP to increase my security.
I had zonealarm running , but nothing would show up since I went w/ the Linksys router.
Previously I had many scans on a multitude of ports. ie netbios
Now of course the router can be hit w/ a DOS but that would only shutdown my internet access.
If you had a Linux box acting as you router, you could use a proxy & use the firewall (ipchains/iptables)
to detect & keep track of where attacks are comming from . Can't do that w/ the Linksys router, but then
again I don't have to keep a computer running 24/7.
Jose
DigitalArtistU.com
Re:I would use sonic walls. They have a lot more professional options that you dont find in the less expensive boxes.
HitMalware.com – Top Converting Malware Remover
Re:he's got black ice on at least some computers I know. But all PC's need access to the net, I'm really looking at the sonicwall, seems like it might fit the ticket
Customise this ebook with Your Own Affiliate links
Re:OK although one thing is that using a NAT Firewall sort of negates one aspect of his cable modem service. If he's already flipping the bill to get 8 IP's using the NAT router basically leaves the 7 other ip's unused. I agree that the company should probably invest in at least a software based firewall to run on the clients. If nothing else, I'd consider using the NAT box to splinter off machines that don't need direct access, then place any servers that must be publically accessible directly on the HUB –> Cablemodem (so that they are dhcp assigned from there)
If they don't have any large servers then they might as well just look at running everything behind the NAT box.
Just my $.02
Customise this ebook for Massive Viral Profits! – 50
Re:Actually, after the "Giordi" episode I ran The Cleaner, and found no trojans; I formatted my C drive and installed Windows XP…. and I'm still getting ZA alerts. (And before anyone asks: yes, I changed the admin password on my router…)
Weird. FWIW, both boxes on our little network get alerts. Maybe I better check my router settings.
How To Get Started Computer EBook(R)s.
Re:nayone ever use any of the sonic wall appliances?
Setting Up A Web Server.
Re:<<
Regardless of what solution they use, anti-virus and user training will also be required.
All it takes is (1) person to download a trojan program and it will open a path through the router regardless of what they have.
Example: guy's situation sounds more like he downloaded a trojan into his system. Happens alot these days…
Good Luck >>
Thanks I didn't think of that. I would really prefer a little box of some type instead of a whole pc running BSD, I want logging , but not nessarily stateful inspection
Re:Some of the newer SOHO routers has "firewalls" built-in. Where-as the older ones simply used NAT.
Here is a Linky (http://www.practicallynetworked.com/) you may find helpful. practically networked has lots of great router.proxy/firewal info…
If he has nothing…then NAT would be a smart quick fix right now…
But in the long run, he may want to run something more secure than NAT.
Another solution would be the combination of a NAT router, and a proxy server for all user internet access. Double protection, plus the proxy will/should have full logging ability…
Regardless of what solution they use, anti-virus and user training will also be required.
All it takes is (1) person to download a trojan program and it will open a path through the router regardless of what they have.
Example: guy's situation sounds more like he downloaded a trojan into his system. Happens alot these days…
Good Luck
Re:I just hooked up a Lnksys router model BEFSR42 V.2 and I've had Zone Alarm for a few years now and since I hooked up the router I haven't gotten a single alert with ZA compared to 25 to 50 a day before.
Re:I have a small network at home hooked up to a Linksys router. I assumed it was enough–until one day I'm shutting down and this dialog box pops up to warn me that if I shut down, "USER: \\GIORDI" or something along those lines would be disconnected.
:Q
Needless to say, I shut down. Fast.
Right after that I installed ZoneAlarm, and I now get dozens-to-hundreds of alerts a day, some from addresses within my cable company's block of IPs, some from random places in Asia. Are they hitting my router and ZoneAlarm picks it up, or are they reaching my PC? Beats me…
So my answer is: I dunno, but I'd be interested in seeing what other people say.
Related posts
Tags: firewall soho, smc router