Hardware Firewall

OK guys, I want to get a hardware firewall for my in-laws’ small office network. At the moment there are 4 computers connected through a hub/switch to an ADSL modem and therefore the internet and everything that throws at Windows (Viruses, spyware, etc…). Anyway, their network is worryingly unprotected, as there is no firewall.

My question is, is there such a thing as a “single” hardware firewall? By that I mean, it is not a router with a built-in hardware firewall, but rather a stand-alone firewall, that connects between the ADSL modem and the hub/switch? Am I wasting my time here? Should I just bin the hub/switch and buy a router?

Anyone any idea of prices (stand-alone OR router)? (Cheap is good… no Wi-Fi required).

Thanks again.

This might help you:
pcpro.co.uk/features/64177/b … ewall.html

[quote=“igorveni”]This might help you:
pcpro.co.uk/features/64177/b … ewall.html[/quote]

It would be an interesting project to build this, but it would cost far more (for the extra computer) than just buying a router for NT$1000. It would also use a lot more electricity.

cheers,
DB

[quote=“Dog’s_Breakfast”][quote=“igorveni”]This might help you:
pcpro.co.uk/features/64177/b … ewall.html[/quote]

It would be an interesting project to build this, but it would cost far more (for the extra computer) than just buying a router for NT$1000. It would also use a lot more electricity.

cheers,
DB[/quote]

Yeah. Maybe if it were a personal project I might consider it, but I need something pretty much failsafe that I can set up and leave at their office (In Taoyuan) and just pop round once every few months if things go wrong. They’d just muck it up if I used another computer as a firewall.

Thanks anyway.

So, a router it needs to be? Any idea on prices?

I just know software firewall, like Checkpoint, which will install on a separate server. Works well though.

Without wireless they go for $750-1000 locally. With wireless is $1800-3000 depending on what features you get. Basic 802.11g is good enough for a wireless model.

Yeah, just get a router with a built in firewall and use the switch to further extend the network. Those things are really not that expensive.

If the PCs in the office could handle the extra load, you might also want to consider installing a software firewall such as zonealarm or outpost – along with the router. Sitting behind a router will protect you from incoming attacks and intrusions for the most part… while a software firewall will leak-proof your PC and prevent outgoing attacks such as a trojan attempting to phone home. In addition to just a firewall, both zonealarm pro and outpost pro come with a few security features such as component control, anti-spyware, anti-trojan, etc… Both are good, but zonealarm is a bit easier to set up.

As for router… when it comes to wired stuff, I’m sure the cheaper routers would work just as good as the name branders, but they’ll prolly be a bit less user friendly tho. If your Chinese is not up to par, buy one that will allow you to flash the firmware to an English version for easy installation – as far as I know, 3com and Buffalo both come with English firmwares installed already. The Dlink’s here come with Chinese only, but you can easily swap the firmware out for English with a download and a flash.

In terms of wireless performance, Dlink’s generally suck IMHO, especially for the price… the only DLink I would recommend is the DGL-4300 (gamer router) – it is expensive tho… but it is by far the best router I have used yet. Download all you want and game on all you want – all at the same time with barely a scratch to the pingage. :slight_smile:

right on. why bother when you can get cheap and easy solutions?
a router with built-in firewall will be safe enough (unless of course they are hosting top secrets data in their machines) :smiley:

this is the first time i see someone suggesting using a software firewall behind a hardware firewall :laughing: useless load for the machines but again they might be hosting sensitive data in their machines…

I agree with zerosum. The type of firewall that comes in a router will block incoming connections but allow any outgoing connections from your PC. A software firewall on the PC can monitor and stop suspicious outgoing connections and/or ask you for permission to allow certain applications to access the network. That way if you get some funky malware onto your system, it won’t be able to do anything useful.

For the current best practices in protecting your PC, you should have a hardware firewall, a software firewall, an active anti-spyware detector (not just one that runs a scan once in a while but also runs in the background to detect threats in realtime), and an anti-virus program. In addition you need to install security updates for your PC regularly, as well as any network apps such as your mail reader and web browser.

By the way, if you’re into playing around with Linux stuff you might want to look at OpenWRT. It is an open source firmware for consumer level wireless routers. On supported models it essentially turns your router into an inexpensive Linux system which allows you to do all sorts of nifty things like set up complex firewalling using ipchains, making individual ethernet ports into VLANs, and running simple unix services on them.

For example, I’ve got an Asus WL500G Deluxe which is widely available in Taiwan for around $2800. It has a 200mhz CPU, 32mb of RAM, 4mb of flash, 802.11g wireless, 5 ethernet ports and 2 USB ports. That might not seem like a whole lot but 10 years ago that would be a high end server configuration. The OpenWRT image uses 2mb of flash leaving 2mb of ‘disk space’ for you to install additional tools. I’ve also added an inexpensive 512mb USB dongle for additional storage space. Even without the additional flash, it can comfortably run services for dns, ssh, dhcp, web server, and vpn with the base config.

OpenWRT also works on several of the Buffalo routers available locally, though they don’t have as much memory or flash as that Asus model.

[quote]right on. why bother when you can get cheap and easy solutions?
a router with built-in firewall will be safe enough (unless of course they are hosting top secrets data in their machines) :smiley:

this is the first time I see someone suggesting using a software firewall behind a hardware firewall :laughing: useless load for the machines but again they might be hosting sensitive data in their machines…[/quote]

A good software firewall will run in the background on your system and use only a small amount of system resources. The differences between a software and hardware firewall are many, and the best protection for your computer and network is to use both, as each offers different but much-needed security features and benefits… Updating your firewall and your operating system is essential to maintaining optimal protection, as is testing your firewall to ensure it is connected and working correctly.

The bottom line is that with any home-office broadband connection, a hardware firewall should be considered a bare minimum, and supplementing it with a software firewall on one or more computers (and don’t forget anti-virus software) is almost always a good idea.

But don’t take my word for it… Read more HERE, AND HERE, AND HERE, AND HERE :laughing:

[quote=“zerosum”]
A good software firewall will run in the background on your system and use only a small amount of system resources. The differences between a software and hardware firewall are many, and the best protection for your computer and network is to use both, as each offers different but much-needed security features and benefits… Updating your firewall and your operating system is essential to maintaining optimal protection, as is testing your firewall to ensure it is connected and working correctly.

The bottom line is that with any home-office broadband connection, a hardware firewall should be considered a bare minimum, and supplementing it with a software firewall on one or more computers (and don’t forget anti-virus software) is almost always a good idea.

But don’t take my word for it… Read more HERE, AND HERE, AND HERE, AND HERE :laughing:[/quote]

The only problem with software firewalls installed on the possibly infected machine is that some viruses, worms or trojan horses are capable of disabling them, since they run on the same machine. So they offer some security, but not really reliable. I only use my software firewall to keep too nosy programs, such as some mediaplayers, from sending out my personal information, or disabling the Internet Explorer, which is a huge gateway for those nasty buggers to get into my system the first place.

[quote=“ratlung”][quote=“zerosum”]
A good software firewall will run in the background on your system and use only a small amount of system resources. The differences between a software and hardware firewall are many, and the best protection for your computer and network is to use both, as each offers different but much-needed security features and benefits… Updating your firewall and your operating system is essential to maintaining optimal protection, as is testing your firewall to ensure it is connected and working correctly.

The bottom line is that with any home-office broadband connection, a hardware firewall should be considered a bare minimum, and supplementing it with a software firewall on one or more computers (and don’t forget anti-virus software) is almost always a good idea.

But don’t take my word for it… Read more HERE, AND HERE, AND HERE, AND HERE :laughing:[/quote]

The only problem with software firewalls installed on the possibly infected machine is that some viruses, worms or trojan horses are capable of disabling them, since they run on the same machine. So they offer some security, but not really reliable.[/quote]

True… but the problem here is not the software itself, but in how you implement it… I’m sorry to be the one to tell ya but Anti-virus software can be hijacked just as easily as software firewalls… BUT that does not mean you should toss either one out of system security.

Rule of thumb – always make sure your system is clean prior to installing security apps. If in doubt [prior to installation], use an online solution first:

safety.live.com/site/en-US/default.htm
housecall.trendmicro.com/
kaspersky.com/downloads/kws/kavwebscan.html
microsoft.com/security/malwa … fault.mspx

Along those lines… and I don’t mean to get too technical here but [windows] svchost is a huge[r] security risk… just another reason to use software firewall since they can be set up to tame the beast.

The fact is that there really is no “one do it all” security solution – a router itself is not sufficient enough if you’re really trying to protect your system / network – it’s better to use a combination of solutions as a whole.

i think soft + hardware firewall is overkill even for a small ‘company’ like the one mentioned in this thread. it’s just my opinion.

if you really want security, don’t use windows in the first place… i never use any virus scanner. i never use any spyware detector. but that’s another subject for discussion.

this sounds like a very reasonable solution indeed.

sent a chill down my spine :noway: :laughing:

ratlung is right here.

lol

Now that sounds like a plan! :stuck_out_tongue: … and that’s really the way things should be :notworthy: :angel: :notworthy:

[quote=“5566”]

ratlung is right here.[/quote]

He’s absolutely right… but again, what one solution is?

as you say. been using linux for the last 10 years :wink:

Yawn.

Please guys. This is for my in-laws, remember? I can’t just stick Linux on their computers (much as I’d like to).

i didn’t suggest using linux… how about mac os? :wink:
my gf uses linux more and more now, doesn’t see any difference with windows. she now says the trad ch input system is better than in windows…

jlick mentioned this product, this is what i’d get too.

Some of you seem to think that the only place viruses come from is the internet!

If a virus gets on the network from another vector (CD, USB drive, or a system joining the network are the common ones now) then it will spread to other machines on the LAN that are not protected. The presence of a hardware firewall in the router would do nothing to prevent infection in this case, but software running on the individual machines will.

Windows XP comes with a software firewall so it actually takes more effort (you have to disable it manually) to not use a firewall than to use one.
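
The split argued over in this thread (a router firewall drops unsolicited inbound traffic but passes anything outbound, and never sees traffic that stays on the LAN, while a per-PC firewall covers those two gaps) can be modelled as below. This is an added example, not code from any poster; the addresses, program names and allowlist are constructed for illustration.

```python
from dataclasses import dataclass

LAN = "192.168.1."                           # constructed office subnet (assumption)
ALLOWED_APPS = {"browser.exe", "mail.exe"}   # hypothetical per-PC outbound allowlist

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    app: str = ""         # program that opened the connection on src
    reply: bool = False   # True if it answers a connection a LAN host opened

def on_lan(ip):
    return ip.startswith(LAN)

def router_blocks(f):
    """Router firewall: only sees traffic crossing the WAN link and
    drops unsolicited inbound; every outbound connection passes."""
    crosses_wan = on_lan(f.src) != on_lan(f.dst)
    return crosses_wan and on_lan(f.dst) and not f.reply

def host_blocks(f, protected):
    """Software firewall running on each PC listed in `protected`."""
    if f.src in protected and f.app not in ALLOWED_APPS:
        return True       # egress control: unknown program may not talk out
    if f.dst in protected and not f.reply:
        return True       # ingress control: unsolicited connection to this PC
    return False

def verdict(f, router=True, protected=frozenset()):
    if router and router_blocks(f):
        return "dropped by router"
    if host_blocks(f, protected):
        return "dropped by host firewall"
    return "delivered"

# Constructed sample flows
SCAN = Flow("203.0.113.9", "192.168.1.10")                       # unsolicited, from the internet
TROJAN = Flow("192.168.1.10", "198.51.100.7", app="trojan.exe")  # malware phoning home
BROWSE = Flow("192.168.1.10", "198.51.100.80", app="browser.exe")
WORM = Flow("192.168.1.50", "192.168.1.11", app="worm.exe")      # infected laptop joined to the LAN

def matrix():
    """Verdict per flow as (router only, router + host firewalls on the PCs)."""
    pcs = frozenset({"192.168.1.10", "192.168.1.11"})
    flows = {"scan": SCAN, "trojan": TROJAN, "browse": BROWSE, "worm": WORM}
    return {n: (verdict(f), verdict(f, protected=pcs)) for n, f in flows.items()}

if __name__ == "__main__":
    for name, (router_only, both) in matrix().items():
        print(f"{name:7} router only: {router_only:18} router + host: {both}")
```

With the router alone, the trojan's outbound connection and the LAN worm are both delivered; only the per-PC firewalls stop them, which is also why malware that disables the host firewall removes exactly those two protections.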