Re: Firewall Suggestions ?

Discussion in 'A+ Certification' started by dave, Aug 31, 2003.

  1. dave

    dave Guest

    SPG wrote:
    > Anyone have any input on software vs appliance firewalls for small
    > businesses (10 or less users) ? How about 3 users ?
    > Any personal experience with any firewall you like or dislike and why.



    HARDWARE:
    =============

    I've installed Linksys BEFSX41, BEFSX81 and some
    Netgear, Dlink DSL/firewall appliances.

    - Strong Points:
    PRICE: Under $200 USD in most cases
    DHCP default and almost no thinking to install,
    up to 100 clients with multiple Hubs or switches.
    Fast, easy, no thinking required. HTML interface
    for sysadmin.
    Limited features: turn off, turn on, some are
    only 16 tables deep for filter purposes...

    Time: Pretty quick.

    You even have a 1800 number and website to
    visit.

    - Weak points:
    1 to 8 port limitations, depending
    on what you buy, all ethernet, no WAN
    connections possible.

    You're stuck at internal IPs starting at 192.168.1.2-254

    IPv6 capability is possible, but that would be up to the
    manufacturer to provide you with that particular upgrade.


    Comments: A MS mouse monkey could install it, strange, since
    all these appl. run on LINUX for the packet filtering
    portion of the firewall and HTTP/apache webserver for
    the graphical System admin. If you need more than
    5 minutes installing this, you're not cut out for any
    System Admin work for the near future.

    =======

    SOFTWARE:

    =======

    LINUX
    ------

    SENTRY FIREWALL http://www.sentryfirewall.com

    This is a SLACKWARE CD ROM-BASED FIREWALL/SERVER/IDS

    (Intrusion Detection System)


    Heavily modified installation CD-ROM based firewall, it
    has the most current linux kernel and networking software
    packaged in such a way to create a secure firewall or
    server type for intel installation.

    STRONG: Price => still free. You provide the hardware.
    386 with 16 megs ram, a 350meg hard drive and
    2 nics.

    CAN run IPV6, via kernel recompile.

    Security: IPTABLES => packet-filtering

    Weak: Knowledge: You need to have a small knowledge base
    of LINUX. It is fairly secure, and updates
    are available via sourceforge. Reading the material
    available is a must.

    Support: Internet and email, newsgroups.


    Comment: Although it is free, one requirement is that you have
    at least a boot floppy, or a bootable CDROM to make the
    installation go faster.

    However, you are responsible for performing the
    upgrades. You must also install the IDS tools to
    ensure protection, and also upgrade these packages
    as well.


    OPENBSD
    --------

    http://www.openbsd.org

    The Unix, BSD based operating system. Its primary existence
    is to fulfill the need for securely programmed software, via
    re-editing and extensive code modification and correction.


    - Strong: This is what the big boys run, like DARPA and
    the USAF, Price Waterhouse, etc...

    If your client has an old computer collecting dust
    sitting idle, then this is a strong selling
    point, since it will *RECYCLE* the old hardware.

    All you need are 2 nics, floppy and/or CDROM,
    16 megs of ram, and a Harddrive

    OS is free: download and create the disk from
    the website, at http://www.openbsd.org
    Disks cost $40 bucks. It's worth it.

    IPV4 and IPV6 running and enabled.

    Man pages are very up to date, in comparison to
    other Unix flavours and variants. Reading the
    material is very important, especially the
    FAQ guide.

    Security: Automatically comes with crypto, unlike
    LINUX ( well, until kernel 2.4.22 and 2.6.X )

    Uses Packet Filtering. Does not require monitor
    or video card ( your BIOS must be set for this ).

    Propolice pre-compiled for GCC 2.95.3, so it will
    *NOT* be hampered by Ping and DOS attacks like other
    Unix versions.

    Drawbacks: Time consuming: If you don't know about OpenBSD,
    or any type of UNIX in general, you have a steep
    but attainable learning curve to achieve. If you
    do attempt it, you'll learn a lot about networking
    in the process to boot.

    Support: newsgroups; email; web accessible man pages.

    I've installed old 386DX40, 486/DX50, Pentium I/II's
    with 16M Ram and 2.0 Gig HD running OpenBSD 3.3
    ( takes less than 250 megs ), on more than 20 places
    thus far. These systems don't let anything in so far.

    =========
    =========

    Good luck,
     
    dave, Aug 31, 2003
    #1

  2. dave

    Allen Howell Guest

    I use a Linksys BEFW11S4 V2,(with NAT protection) and recommend this type of
    product. There are newer models out there that support "G" technology
    wireless speed. But beware, I think that Win 2000 is not compatible with
    Linksys equipment.
    It is a Wireless router/switch with 4 ports and wireless connection, but it
    is bridgeable to add additional routers/switches to support up to 253 computers
    via ethernet cable or wireless. I have found this to be a very cost
    effective means to network and provide a Firewall.

    Allen
    No certification yet, I'm just a hobby pc/network builder
     
    Allen Howell, Sep 14, 2003
    #2

  3. On Sun, 14 Sep 2003 16:24:58 -0500, "Allen Howell"
    <> wrote:

    >I use a Linksys BEFW11S4 V2,(with NAT protection) and recommend this type of
    >product. There are newer models out there that support "G" technology
    >wireless speed. But beware, I think that Win 2000 is not compatible with
    >Linksys equipment.



    I've got the same router but v1, and Win2000 works fine for me.
     
    Outgoing V. Incoming, Sep 15, 2003
    #3
  4. dave

    Allen Howell Guest

    Sorry, I knew I had read something about incompatibility issues. As it turns
    out, it's the wireless "G" card (pcmcia) that is incompatible with Win95 and
    NT.

    Allen

    "Outgoing V. Incoming" <> wrote in message
    news:...
    > On Sun, 14 Sep 2003 16:24:58 -0500, "Allen Howell"
    > <> wrote:
    >
    > >I use a Linksys BEFW11S4 V2,(with NAT protection) and recommend this type of
    > >product. There are newer models out there that support "G" technology
    > >wireless speed. But beware, I think that Win 2000 is not compatible with
    > >Linksys equipment.

    >
    >
    > I've got the same router but v1, and Win2000 works fine for me.
     
    Allen Howell, Sep 15, 2003
    #4
