Very secure router/hardware firewall needed [Archive] - Glock Talk

Ragin Cajun
05-28-2007, 17:45
Was talking with a friend who is in IT security. He mentioned that the typical router isn't that great a firewall. He recommended I use a Cisco router. But, Cisco routers are quite expen$ive!

I run a small consulting engineering business and use the internet a lot, but am very careful of where I surf. My computer files are my lifeblood. I do back-up often, have Raid 1, etc.

Any comments, recommendations, etc. on this issue?

I do use Zone Alarm, AVG, Spybot, and Ad-aware.


RC

IndyGunFreak
05-28-2007, 18:16
Originally posted by Ragin Cajun
Was talking with a friend who is in IT security. He mentioned that the typical router isn't that great a firewall. He recommended I use a Cisco router. But, Cisco routers are quite expen$ive!

I run a small consulting engineering business and use the internet a lot, but am very careful of where I surf. My computer files are my lifeblood. I do back-up often, have Raid 1, etc.

Any comments, recommendations, etc. on this issue?

I do use Zone Alarm, AVG, Spybot, and Ad-aware.

RC

I'm assuming we're talking a Wired router, and not wireless...

You'll likely be well served by any router/firewall w/ SPI (stateful packet inspection). Linksys, Netgear, D-Link and others I'm sure all have very good options. I personally really like Netgear, but I have a Linksys now, and it works fine. On almost any router, you can tweak the firewall, to filter out sites, etc.... Really to me, even as just an average home user, if you have an always on connection, you need to be behind a hardware firewall/router. Once you have a good router set up, you really don't need ZoneAlarm anymore, at least I never did...

http://www.newegg.com/Product/Product.aspx?Item=N82E16833122081

http://www.newegg.com/Product/Product.aspx?Item=N82E16833124007

IGF

NetNinja
05-29-2007, 21:58
A small consulting engineering business

OK, so what type of files are you using or creating?

Who are your competitors?

Yes Cisco routers and Firewalls are expensive but you get what you pay for.

Securing your company from the baddies should not be considered a commodity but rather an expense that you must budget yearly for.
Support and upgrades.

A small 1702 Cisco Router and a Cisco 506e firewall will do the trick.

Yes there are other ways to do this on the cheap but do you have the expertise to support it?

thonl
05-30-2007, 08:49
Depends on how hands on you want to be, also.

If you don't mind dedicating a spare PC to the cause, m0n0wall is a pretty straightforward solution, with an intuitive interface.


http://m0n0.ch/wall/

sencless
05-30-2007, 09:00
www.ipcop.org

It's free, you can't beat it!

KG4IDA
05-30-2007, 17:46
I have a Netgear FVS318 and love it. I believe it's been replaced with a newer model.

Ragin Cajun
05-31-2007, 07:35
Originally posted by NetNinja
A small consulting engineering business

OK, so what type of files are you using or creating?

Who are your competitors?

Yes Cisco routers and Firewalls are expensive but you get what you pay for.

Securing your company from the baddies should not be considered a commodity but rather an expense that you must budget yearly for.
Support and upgrades.

A small 1702 Cisco Router and a Cisco 506e firewall will do the trick.

Yes there are other ways to do this on the cheap but do you have the expertise to support it?

Competitors are not an issue.

As to support, I'm it! One man outfit. Whatever I get I have to deal with myself.

I run ACAD 2008 as my main software on XP Pro and a very fast Dell Dimension 9200, 4 GIG ram, Raid 1, etc.

I have DSL from Bellsouth via their modem and a US Robotics 8004 router.

The $$ will hurt!

Thanks,

RC

neeko
06-03-2007, 13:11
Flash a linksys or belkin with dd-wrt vpn edition. It runs ipchains as well as openvpn so you can connect to it securely from anywhere in the world.

MikeG22
06-12-2007, 21:18
I have a Netscreen 5GT I'll give ya for a decent price. Very nice and would be perfect. Otherwise look into a Sonicwall TZ170. They aren't too spendy and are really nice as well.


Netscreen(Juniper): http://www.juniper.net/products_and_services/firewall_slash_ipsec_vpn/netscreen_5_series/index.html
Sonicwall: http://sonicwall.com/us/TZ_170_Series.html

FastZ
06-13-2007, 21:27
Definitely go with a Cisco PIX firewall! Or you can do like thonl suggested and build your own firewall. In addition to his recommendation of m0n0wall (http://m0n0.ch/), look into Smoothwall (http://www.smoothwall.org/) as well. I believe both are free.

Eric
06-28-2007, 11:32
Originally posted by thonl
Depends on how hands on you want to be, also.

If you don't mind dedicating a spare PC to the cause, m0n0wall is a pretty straightforward solution, with an intuitive interface.


http://m0n0.ch/wall/

I just built a WRAP (Wireless Router Appliance Platform) device, running M0n0wall. I am using a WRAP.1E-1 board, from PC Engines. This board is End-of-Life, due to the fact that AMD is no longer producing the processor on that board, but it is an outstanding piece of technology. I found a new-in-box board on eBay for less than $150 delivered. The company I bought mine from had 140 of them left last week. They are EOL, but they are still available. The board has a CF card slot for the OS and two Mini-PCI slots. I have an Atheros wireless card in one slot and a VPN Accelerator in the other.

With the board, enclosure, power supply, Mini-PCI cards and CF card, I am in this system less than $250. The device is about 6"X6"X1". It uses so little power that it is capable of deriving its power from a LAN connection, in some cases. The device has two NIC ports, a serial port and the enclosure was already punched out for the antenna mounts. This is a slick little piece of tech. Also, having the wireless access point built into the firewall gives me much better security. The wireless interface can be configured and secured like any other interface on the box. In addition to MAC address exclusion and WEP, I have the wireless port set so that someone has to connect to the wireless and then VPN to the firewall in order to have access to anything. This adds an extra level of security to the connection.

M0n0wall gives me a really powerful firewall and some great routing functionality. I now also have a secure VPN portal on my home network, so I don't have to keep worrying about synchronizing work files when I'm on the road.

M0n0wall can just as easily be set up on a surplus computer, using a CF card, running strictly out of memory or installed on a hard drive. I bought the WRAP primarily because I am a gadget junkie, but it is smaller, uses less power and will be more dependable. It works fine on a PC though. That is how I was running M0n0wall before I bought the WRAP device.

If there is any interest, I can post more info on where I bought everything.

Eric