Hardware firewalls.

[Guest]

I would like to add a hardware firewall - I currently use a software
firewall, NIS.
Can anyone reccommend a good one? preferably one that is available in Europe.
Many thanks in advance,

 

[Mike Hall \(MS-MVP\)]

Peebs

If you are connected via DSL (ADSL), there is a good chance that you are
behind a NAT device of some sort which is seen as the home version of a
hardware firewall.. if you still use dialup, forget about it..

 

[David H. Lipman]

From: "Mike Hall (MS-MVP)" <[email protected]>

| Peebs
|
| If you are connected via DSL (ADSL), there is a good chance that you are
| behind a NAT device of some sort which is seen as the home version of a
| hardware firewall.. if you still use dialup, forget about it..
|
| --
| Mike Hall
| MVP - Windows Shell/user
|
|
|
|
To add to what Mike stated...

Cable/DSL Routers such as the Linksys BEFSR41 use Network Address Translation (NAT) and thus
act as simplistic FireWalls. There are other models from Linksys and other vendors that
have full FireWall implementations. They are inexpensiive, have other benefits as well and
are highly suggested.

As always, I suggest blocking both TCP and UDP ports 135 ~ 139 and 445 on *any* SOHO Router.

 

[Leythos]

To add to what Mike stated...

Cable/DSL Routers such as the Linksys BEFSR41 use Network Address
Translation (NAT) and thus act as simplistic FireWalls. There are other
models from Linksys and other vendors that have full FireWall
implementations. They are inexpensiive, have other benefits as well
and are highly suggested.

As always, I suggest blocking both TCP and UDP ports 135 ~ 139 and 445
on *any* SOHO Router.

It's very nice to see someone other than me tell people about the
difference in SOHO units for a change. The difference between a firewall
appliance and a NAT Router (the entire Linksys line, even the BEFSX41 is
just a NAT box) is that they offer little FIREWALL protection. These units
are the absolute minimum I would install for a home user, and they are
absolutely needed for any type of DSL/Cable connection for home users.

If the OP really wants a firewall, a WatchGuard SOHO 6 unit or a X5 unit
would be ideal for a small office or home user. A second alternative might
be the Netscreen 5GT-ADSL Plus (or other version depending on the WAN
connection).

If the OP has to go cheap, meaning a D-Link/Netgear/Linksys and under $200
(USD) then even the Linksys BEFSR41 provides as much inbound protection as
any of the others in its class.

 

[Richard Urban]

In your opinion, what is the difference between the BEFSR41 router and the
BEFSX41 firewall/router? Any?

I know that I can go to the web site but I would like YOUR opinion!

--
Regards,

Richard Urban

aka Crusty (-: Old B@stard

If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Leythos]

In your opinion, what is the difference between the BEFSR41 router and
the BEFSX41 firewall/router? Any?

I know that I can go to the web site but I would like YOUR opinion!

I have both routers in my lab, they are both about the same. The SX will
allow blocking of Active-X and some other things, the SX will also do a
couple IPSec tunnels. It has a couple other blocking features, but it's
just a higher-end SR unit.

The BEFVP unit is designed a little differently, it's designed for doing
20 IPSec tunnels, and also has the same abilities as the SR with a few
add-ons.

I purchase the VP over the SX, but I need IPSec tunnels more than I need
the features of the SX. If I need something cheap, I just get a SR.

 

[Richard Urban]

Thank you!

--
Regards,

Richard Urban

aka Crusty (-: Old B@stard

If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Leythos]

Thank you!

Richard, if you are going to get a real firewall, they are not cheap, if
you want an appliance that is. I bought a D-Link DI808HV for one client
that wanted some main firewall features, but didn't want just NAT. I set
it up as a PPTP end-point and also a VPN unit for passing inbound to their
server. It was about $280 if I remember correctly.

As for small home networks, I like the WatchGuard SOHO 6 or 6tc, but I've
not really had time to use the X series. I'm suppose to be getting an X700
this month for my home.

 

[Guest]

Hi Mike,
Thanks for the info. I am still on dial-up (we moved from an area with ADSL
and dial-up is a cultural shock). When you say "forget it", do you mean that
i don't need a NAT device with dial-up or is there some other reason?
Regards,

 

[Leythos]

Hi Mike,
Thanks for the info. I am still on dial-up (we moved from an area with
ADSL and dial-up is a cultural shock). When you say "forget it", do you
mean that i don't need a NAT device with dial-up or is there some other
reason? Regards,

Dial-Up is no different than any other internet connection - just slower.
You are still exposed to a PUBLIC Internet connection, and people can
still access your computer directly.

If you don't already have a NAT device or at least a personal firewall,
and you have not perfectly secured your machine according to MS's
recommendations, you may already be compromised.

 

[Guest]

I do have a PFW - Norton IS and I do keep XP and NAV up to date. I also scan
regularly with MS anti-spyware and AdAware SE so i am probably OK for now.
What I am looking for is advice on buying, installing and using a hardware
firewall.
Many hanks,