Firewall question - Techist - Tech Forum

Old 05-11-2004, 11:03 AM   #1 (permalink)
Super Techie
 
Join Date: Mar 2004
Posts: 276
Default Firewall question

My wife's company just switched over from DSL (firewall in router) to a T1 for their internet service. The service company installed a Cisco IAD2430 device. I'm not too familiar with this equipment, so I'm wondering what kind of firewall I should install with this system?

At this time I have the Cisco box connected directly to a switch so they will have internet service. I'm assuming this setup leaves all connected machines vulnerable from the outside (I'm guessing the Cisco box has no firewall).

What type of firewall would I be best going with here? This is a very small company, so big $$ solutions aren't going to fly. I'm not against going with a software solution if it's best, but I assume a hardware firewall would be the least likely to be screwed up by users who don't know what they're doing.

All suggestions are appreciated.

canooten is offline  
Old 05-11-2004, 11:59 AM   #2 (permalink)
HONK if you route packets
 
 
Join Date: Sep 2003
Location: MD
Posts: 4,715
Default

Big question is.....how many computers are going to be behind this and what is the budget like? Personally, I'd go with Sonicwall. They are a little on the high-end of the network firewall spectrum, but if you look on eBay or other auction sites, you can get a steal...

Like this one...
SonicWall 330
If you can get it at this price, you'd be saving $1000.00.

-Mike

mikesgroovin is offline  
Old 05-11-2004, 12:23 PM   #3 (permalink)
Banned
 
Join Date: Apr 2004
Posts: 559
Default Re: Firewall question

Quote:
Originally posted by canooten
My wife's company just switched over from DSL (firewall in router) to a T1 for their internet service. The service company installed a Cisco IAD2430 device. I'm not too familiar with this equipment, so I'm wondering what kind of firewall I should install with this system?

At this time I have the Cisco box connected directly to a switch so they will have internet service. I'm assuming this setup leaves all connected machines vulnerable from the outside (I'm guessing the Cisco box has no firewall).

What type of firewall would I be best going with here? This is a very small company, so big $$ solutions aren't going to fly. I'm not against going with a software solution if it's best, but I assume a hardware firewall would be the least likely to be screwed up by users who don't know what they're doing.

All suggestions are appreciated.

Cisco routers have NAT, which is prob the best security a network could have. It makes all those machines on your network look like one machine on the outside world. If you are really concerned about security you should look into smoothwall:
www.smoothwall.org
ChaosBlizzard is offline  
Old 05-11-2004, 12:52 PM   #4 (permalink)
Super Techie
 
Join Date: Mar 2004
Posts: 276
Default

My whole deal is I'm not familiar with the Cisco equipment, so I wasn't sure if they had any type of protection. If that model has NAT, I'm OK with leaving it how it is.

As for the # of machines....right now about 6, but will probably be around 10 pretty soon.
canooten is offline  
Old 05-11-2004, 01:34 PM   #5 (permalink)
Ultra Techie
 
Join Date: Mar 2004
Posts: 807
Default

According to Cisco's website, looks like they bought an IAD - Integrated Access Device.

Whether or not it has a firewall built-in is hard to tell from the specs. Your best bet is to have your wife's company call Cisco's tech support to verify. Also make sure that it provides enough throughput speed for up to 10 PCs.

http://www.cisco.com/en/US/products/...080192878.html
Lone Wolf is offline  
Old 05-11-2004, 05:07 PM   #6 (permalink)
Super Techie
 
Join Date: Mar 2004
Posts: 276
Default

I'll go through the company that installed it for that info. I know it will work fine for the # of machines they'll have....

You're right though....the documentation doesn't really make this point clear.
canooten is offline  
Old 05-11-2004, 06:17 PM   #7 (permalink)
Ultra Techie
 
Join Date: Mar 2004
Posts: 807
Default

My feeling is that it doesn't provide FW protection just based on the type of device it is - but I could be wrong.

If I were you, I'd call Cisco and get it straight from the horse's mouth rather than relying on the 3rd party to verify that info.
Lone Wolf is offline  
Old 05-12-2004, 01:41 AM   #8 (permalink)
Junior Techie
 
Join Date: Feb 2004
Posts: 79
Default

Quote:
Cisco routers have NAT, which is prob the best security a network could have.

Sorry, but NAT is no substitute for a firewall. While NAT can act like a firewall, it is not a firewall and is not that hard to penetrate for those in the know.

-Target
Target is offline  
Old 05-12-2004, 01:54 AM   #9 (permalink)
HONK if you route packets
 
 
Join Date: Sep 2003
Location: MD
Posts: 4,715
Default

Right....
A true hardware firewall is MUCH MORE than NAT. NAT is good for your typical SoHo "router" which is really a gateway with "some" routing capabilities like NAT and port forwarding. This hardware piece, in your environment, I would personally accompany with a real hardware firewall. And yes......even an IAD.......it provides NAT because it HAS to! An IAD has to act as a mediator between PBX and Data equipment for the most part. But there are more IADs that act as different mediators.
Fact is.....in your environment....NAT is not enough.

As far as the specs of the IAD......it's fine....up to 10 (so they say) but at least 15 PCs w/o problems

$500.00 will buy you a STACK firewall......and save you lots of frustration...

-Mike
mikesgroovin is offline  
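
Added example, not part of any post in this thread: a small Python model of the distinction discussed above between a gateway that only does NAT and port forwarding and a stateful (SPI) firewall. The class names, addresses, ports and allow-list are constructed for illustration, and the NAT model assumes endpoint-independent filtering, one of the behaviours RFC 4787 describes.

```python
# Added illustration (not from the thread). All values are constructed.
from collections import namedtuple
Packet = namedtuple("Packet", "src sport dst dport")
PUBLIC_IP = "203.0.113.10"            # documentation-range address
FORWARDS = {8443: ("192.168.1.30", 443)}   # public port -> inside host
ALLOWED = {8443: {"198.51.100.9"}}         # who may use each forward

class NatOnly:
    # Translation only; mappings are keyed on the public port alone.
    def __init__(self, forwards):
        self.forwards = dict(forwards)
        self.mappings = {}            # public port -> (inside ip, inside port)
        self.next_port = 40000

    def outbound(self, pkt):
        port, self.next_port = self.next_port, self.next_port + 1
        self.mappings[port] = (pkt.src, pkt.sport)
        return Packet(PUBLIC_IP, port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        inside = self.forwards.get(pkt.dport) or self.mappings.get(pkt.dport)
        return Packet(pkt.src, pkt.sport, *inside) if inside else None

class StatefulFirewall(NatOnly):
    # Same translation plus policy: full-tuple state and per-forward sources.
    def __init__(self, forwards, allowed_sources):
        super().__init__(forwards)
        self.allowed_sources = allowed_sources
        self.state = set()            # (public port, remote ip, remote port)

    def outbound(self, pkt):
        out = super().outbound(pkt)
        self.state.add((out.sport, pkt.dst, pkt.dport))
        return out

    def inbound(self, pkt):
        if pkt.dport in self.forwards:
            ok = pkt.src in self.allowed_sources.get(pkt.dport, set())
        else:
            ok = (pkt.dport, pkt.src, pkt.sport) in self.state
        return super().inbound(pkt) if ok else None

def compare(gateway):
    # Returns [reply passed, unrelated host passed, forward from stranger passed].
    out = gateway.outbound(Packet("192.168.1.20", 51000, "198.51.100.5", 443))
    reply = Packet("198.51.100.5", 443, PUBLIC_IP, out.sport)
    stranger = Packet("192.0.2.77", 443, PUBLIC_IP, out.sport)
    to_forward = Packet("192.0.2.77", 50000, PUBLIC_IP, 8443)
    return [gateway.inbound(p) is not None for p in (reply, stranger, to_forward)]
```

With these constructed rules the NAT-only gateway passes all three inbound packets, while the firewall passes only the genuine reply to the inside host's own connection.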
Old 05-12-2004, 02:18 AM   #10 (permalink)
Techie Beyond Description
 
Apokalipse's Avatar
 
Join Date: Jun 2003
Location: Melbourne, Australia
Posts: 14,559
Default

I've heard of "Glass wall"
apparently it has never been hacked before, not even by the company that made it!
not sure where to get it though

I suggest using a 10/100 router + SPI firewall and DoS with however many ports you need, use this to be the first box to get on the net, and connect the networked Macs/PCs to it

this one has DoS and SPI firewall - the price is in $ aussie
Apokalipse is offline  