Joined: Dec 2001
Posts: 232
Member
I would state an opinion but Junkman might pick on me.
Joined: Sep 2004
Posts: 1,436
Member
Aw, come on, I'm not that bad. (chomp! snarl! growl!) Just trying to sort out some confusion and misunderstanding.
Joe --- No trees were harmed as a result of this posting; however, many electrons were severely inconvenienced.
Joined: Dec 2005
Posts: 2
Member
How is your client getting his internet access....if DSL, Westell makes a nice combo router/wireless AP....add one or two routers daisychained downstream & you are good to go....
Joined: Jun 2005
Posts: 261
Member
I would avoid cascading routers running NAT. Use one router at the edge of your network, and switches and wireless access points inside the network.
Joined: Sep 2004
Posts: 1,436
Member
Please, NO! Not this topic again!
There are a few times when cascading routers is useful, such as using the same internet connection for guest rooms and office computers in a hotel: put the offices behind a second router so the guests can't get to them. Normally, you only need one router.
Definitely don't chain the LAN ports of 2 different routers together unless you turn off DHCP on all but one router.
Joe --- No trees were harmed as a result of this posting; however, many electrons were severely inconvenienced.
Joined: Mar 2006
Posts: 4
Member
"Do some research and you'll find out that most if not all routers are classified as true firewalls, since they prevent anyone from getting into your network from the internet."
Why would a router be classified as a firewall? A router's main function is to "route a routed protocol using a routing protocol." Some routers have some basic "firewall" capabilities. NAT is actually an invention to limit the addressing shortage of IPv4 (2^32 addresses available). A side benefit of NAT is a bit of security. However, NAT can be cracked using a TCP seq attack, for example. A firewall, on the other hand, does not route traffic, and is specifically for security. It deep scans packets and rejects or allows access through it based on predetermined policies. An example is if a packet has been altered, it will be dropped. Anyway, I AGREE with what you are saying: a router with NAT functionality is good enough for home use, but it isn't a firewall.
Joined: Jun 2005
Posts: 211
Member
Gentlemen,
First let me thank you for keeping things (mostly) civil. We're all professionals here, and with the rising popularity of this site it is important that we keep that in mind.
My own opinion is that Linksys routers (which do contain limited firewall capabilities) are adequate for home use, primarily because they are usually coupled with software-based A/V and firewalls.
However, when we're talking about a home office or a large family with 5-6 PCs running around the clock, then a hardware-based firewall should always be a consideration. The higher initial costs are offset by not having to outfit each PC with A/V & firewall software.
I see far too much consumer-grade Linksys gear being used in office environments, with typically poor results. Linksys also offers a reasonably-priced product line aimed squarely at the SOHO market. The originally posted scenario might be a good fit for the RV016, which is a 16 port router (with VPN and some firewall capability, plus redundancy and backup connection features typically found on much more expensive units).
-Steve
Joined: Feb 2006
Posts: 11
Member
Since this thread keeps resurrecting itself - here are my 2.5 cents. :nono:
The decision as to whether to use a true firewall really comes down to what you are doing with your Internet connection. If you will only be making "outbound" connections (surfing, mail, etc.) then a NAT router or low-end firewall (Linksys, etc.) will more than suffice.
Even if you had the most expensive firewall on the market installed, it would not do you any good if it were not configured correctly (which the avg user cannot do). Furthermore, in my experience, most people have any-any-any rules set for outbound connections. Therefore, the firewall is doing squat on outbound. Since most well-written malware utilizes standard ports (like 80/www), a perimeter firewall (even properly configured) would happily pass these packets anyway, unless the firewall was equipped with Application Layer inspection (which is far from perfect).
A personal firewall (ass-uming that the user does not arbitrarily keep punching allow) would afford much greater protection against Trojans and other malware, as it informs you that an app or process is trying to establish an outbound connection (regardless of port or destination).
Network-based antivirus (like on SonicWalls, etc.) only affords a limited amount of protection and is not a substitute for a PC-based product. They scan the datastream, which has a tendency to slow things down, and poorly handle compressed files. They are a great supplement (if implemented correctly) for corporate networks but have little value in the home environment (considering the additional subscription costs).
Dave
Joined: Mar 2006
Posts: 4
Member
"Furthermore, in my experience, most people have any-any-any rules set for outbound connections."
This is default for ALL PIX firewalls (a high security level passes traffic to a lower security level). Are you saying that the mighty PIX is not a good firewall? To be honest, in a corp environment a firewall is to keep people out, not to keep malware in. As you said, it is preferable to have desktop applications to detect and destroy malware; I don't think this is a job of the firewall. My 2.6 eurocents.
Joined: Feb 2006
Posts: 11
Member
Well, I won't even go there with PIX. Let's just say that they should stick with Routing and switching.
I disagree with what you say a firewall's job is. It should be configured to cut both ways. I have saved many a disaster by limiting outbound ports. For example, if you limit port 25 to only your legit mail hosts then you can stop worm propagation cold. You can also control many other bad places that users tend to go (like personal pop-mail hosts, usenet, etc.)
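Added example, not part of any post in this thread: a small first-match rule evaluator that compares the any-any-any outbound policy with one that limits port 25 to the mail host, and also shows the earlier point that port 80 traffic passes either way. The addresses, the single mail host and the rule layout are constructed assumptions, not any vendor's syntax.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    port: Optional[int]   # destination TCP port, None means any port

def evaluate(rules, src, dst, port):
    """First matching rule wins; traffic matching no rule is denied."""
    for r in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"

LAN, ANY = "192.168.1.0/24", "0.0.0.0/0"
MAIL_HOST = "192.168.1.10/32"  # constructed: the one legitimate mail server

# The "any-any-any" outbound policy described in the thread.
ANY_ANY = [Rule("allow", LAN, ANY, None)]

# Outbound SMTP only from the mail host; web allowed; everything else denied.
RESTRICTED = [
    Rule("allow", MAIL_HOST, ANY, 25),
    Rule("deny", LAN, ANY, 25),
    Rule("allow", LAN, ANY, 80),
    Rule("allow", LAN, ANY, 443),
]

# Constructed outbound connection attempts: (src, dst, port, note).
FLOWS = [
    ("192.168.1.10", "203.0.113.25", 25, "mail server delivering mail"),
    ("192.168.1.57", "198.51.100.7", 25, "workstation sending SMTP directly"),
    ("192.168.1.57", "198.51.100.7", 80, "workstation HTTP, content not inspected"),
    ("192.168.1.57", "198.51.100.9", 119, "workstation to a usenet (NNTP) server"),
]

def verdicts(rules):
    """Return the allow/deny decision for each constructed flow, in order."""
    return [evaluate(rules, s, d, p) for s, d, p, _ in FLOWS]

if __name__ == "__main__":
    for f, a, b in zip(FLOWS, verdicts(ANY_ANY), verdicts(RESTRICTED)):
        print(f"{f[0]} -> {f[1]}:{f[2]:<4} any-any={a:5} restricted={b:5} {f[3]}")
```

The denied workstation-to-port-25 flows are also worth logging, since a desktop attempting direct SMTP is a useful sign of infection.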