SPG wrote:
> Anyone have any input on software vs appliance firewalls for small
> businesses (10 or less users) ? How about 3 users ?
> Any personal experience with any firewall you like or dislike and why.
HARDWARE:
=============
I've installed Linksys BEFSX41, BEFSX81 and some
Netgear, Dlink DSL/firewall appliances.
- Strong Points:
PRICE: Under $200 USD in most cases
DHCP default and almost no thinking to install,
up to 100 clients with multiple hubs or switches.
Fast, easy, no thinking required. HTML interface
for sysadmin.
Limited features: turn off, turn on, some are
only 16 tables deep for filter purposes...
Time: Pretty quick.
You even have a 1800 number and website to
visit.
- Weak points:
1 to 8 port limitations, depending
on what you buy, all ethernet, no WAN
connections possible.
You're stuck at internal IPs starting at 192.168.1.2-254
IPv6 capability is possible, but that would be up to the
manufacturer to provide you with that particular upgrade.
Comments: A MS mouse monkey could install it, strange, since
all these appl. run on LINUX for the packet filtering
portion of the firewall and HTTP/apache webserver for
the graphical System admin. If you need more than
5 minutes installing this, you're not cut out for any
System Admin work for the near future.
=======
SOFTWARE:
=======
LINUX
------
SENTRY FIREWALL
http://www.sentryfirewall.com
This is a SLACKWARE CD ROM-BASED FIREWALL/SERVER/IDS
(Intrusion Detection System)
Heavily modified installation CD-ROM based firewall, it
has the most current linux kernel and networking software
packaged in such a way to create a secure firewall or
server type for intel installation.
STRONG: Price => still free. You provide the hardware.
386 with 16 megs ram, a 350meg hard drive and
2 nics.
CAN run IPV6, via kernel recompile.
Security: IPTABLES => packet-filtering
Weak: Knowledge: You need to have a small knowledge base
of LINUX. It is fairly secure, and updates
are available via sourceforge. Reading the material
available is a must.
Support: Internet and email, newsgroups.
Comment: Although it is free, one requirement is that you have
at least a boot floppy, or a bootable CDROM to make the
installation go faster.
However, you are responsible for performing the
upgrades. You must also install the IDS tools to
ensure protection, and also upgrade these packages
as well.
OPENBSD
--------
http://www.openbsd.org
The Unix, BSD based operating system. Its primary existence
is to fulfill the need for securely programmed software, via
re-editing and extensive code modification and correction.
- Strong: This is what the big boys run, like DARPA and
the USAF, Price Waterhouse, etc...
If your client has an old computer collecting dust
sitting idle, then this is a strong selling
point, since it will *RECYCLE* the old hardware.
All you need are 2 nics, floppy and/or CDROM,
16 megs of ram, and a hard drive
OS is free: download and create the disk from
the website, at
http://www.openbsd.org
Disks cost $40 bucks. It's worth it.
IPV4 and IPV6 running and enabled.
Man pages are very up to date, in comparison to
other Unix flavours and variants. Reading the
material is very important, especially the
FAQ guide.
Security: Automatically comes with crypto, unlike
LINUX ( well, until kernel 2.4.22 and 2.6.X )
Uses Packet Filtering. Does not require monitor
or video card ( your BIOS must be set for this ).
Propolice pre-compiled for GCC 2.95.3, so it will
*NOT* be hampered by Ping and DOS attacks like other
Unix versions.
Drawbacks: Time consuming: If you don't know about OpenBSD,
or any type of UNIX in general, you have a steep
but attainable learning curve to achieve. If you
do attempt it, you'll learn a lot about networking
in the process to boot.
Support: newsgroups; email; web accessible man pages.
I've installed old 386DX40, 486/DX50, Pentium I/II's
with 16M Ram and 2.0 Gig HD running OpenBSD 3.3
( takes less than 250 megs ), on more than 20 places
thus far. These systems don't let anything in so far.
=========
=========
Good luck,
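For the two-NIC OpenBSD box described in the post above, here is an added example of a minimal default-deny pf.conf (this is not from the original post; it uses current OpenBSD pf syntax rather than the 3.3-era nat syntax, and assumes em0 faces the ISP, em1 faces the LAN, and the LAN is the 192.168.1.0/24 range the post mentions):

```pf
# Added example: minimal default-deny pf.conf for a two-NIC small-office
# OpenBSD firewall.  Assumptions: em0 = external (ISP), em1 = internal (LAN),
# LAN addresses in 192.168.1.0/24.  Current pf syntax (match/nat-to).
ext_if  = "em0"
int_if  = "em1"
lan_net = "192.168.1.0/24"

# Private/reserved source ranges that should never arrive from the Internet.
table <martians> const { 0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.168.0.0/16 }

set skip on lo                 # never filter loopback traffic
set block-policy drop          # drop silently instead of answering with RST/ICMP

match in all scrub (no-df)     # normalise fragmented packets
# Hide every LAN host behind the external interface's address (NAT).
match out on $ext_if inet from $lan_net to any nat-to ($ext_if)

antispoof quick for { lo0 $int_if }   # drop packets with forged LAN sources

# Default deny (logged); every rule below is an explicit exception.
block log all
block in  quick on $ext_if from <martians> to any
block out quick on $ext_if to <martians>

# LAN hosts may initiate connections outward; pf's state table lets the
# replies back in, so no inbound "pass" on $ext_if is needed.
pass in  on $int_if inet from $lan_net to any
pass out on $ext_if inet from any to any

# Administer the firewall over SSH from the LAN side only.
pass in on $int_if inet proto tcp from $lan_net to $int_if port ssh

# No "pass in on $ext_if" rule at all: unsolicited inbound traffic hits the
# default block, which is what "doesn't let anything in" means in practice.
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and keep a console (or a second way in) available the first time, since a typo in the LAN pass rule will lock out SSH.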