Hardware/software Firewall
IrishSS
02-23-2002, 02:20 AM
Here's my situation. I've set up a small office with a DSL connection. Said office has 18 PCs and a Win NT server used for inter-office email and file serving. Just recently got em hooked up with DSL, and each machine has a static IP out to the real world. I know some sort of security is necessary, and I was thinking about a hardware firewall, i.e. a lil Linux box. But unfortunately, I know next to nothing about Linux or setting up a hardware firewall.
Does anybody have any experience with a hardware firewall? Is a software firewall a better way to go? Security is pretty vital in the office. I don't have a router that I can do access-lists or anything like that on, so that's out. I don't think something like BlackIce or ZoneAlarm is quite sufficient (maybe I'm wrong?).
All the help you can give me is much appreciated.
Ian
topane
02-23-2002, 06:16 AM
For a small office like that, you could probably get away with a little Linksys, SMC, or D-Link cable/DSL router. ZoneAlarm Pro is pretty good, but you'll have to mess with it on each PC and train the users to respond to its questions when you haven't set something up. I would recommend the hardware solution; those routers can all be had under $100. And whatever you're doing, get something now; it is likely you have a vulnerability (especially on the server) which hasn't been accounted for and it's a ticking time bomb.
What exactly do you need to do, anyway?
All I know is that a hefty hardware firewall like a Cisco PIX 525 Firewall costs like $9,250.00 :heh: But, if it's just for a small office, the PIX 501 with a 10 user license is $449.00. But I doubt that you really need all that. A Linux box should suffice.
Jeffbx
02-23-2002, 09:28 AM
A router does not offer true firewall protection - only NATting of addresses. While this 'hides' the machines on the inside, it doesn't block intrusion attempts.
If you're adept at UNIX, you can set up a Linux box for this. However, my first choice would be a SOHO hardware firewall such as a Watchguard http://www.cdw.com/shop/products/default.asp?EDC=203126 or a 3Com http://www.cdw.com/shop/products/default.asp?EDC=199852 or as Leon mentioned, the SOHO Pix http://www.cdw.com/shop/products/default.asp?EDC=330422
The Linux box may be cheaper for the hardware, but you can bet it'll take you a lot longer to configure, and unless you've set up a firewall rule table before, you're pretty likely to miss something important.
IrishSS
02-23-2002, 12:11 PM
Ack! Being the overburdened Cisco student I am, I completely forgot about the PIX series. But I have almost no familiarity with it. Which would be a better solution between those of Jeff's suggestions?
I noticed the 3Com one has NAT and a 25 user license, which would solve numerous problems within my network. Is that the best choice?
Here's some more info on the PIX Firewalls:
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/index.shtml
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pixdm_ds.pdf
Jeffbx
02-23-2002, 04:44 PM
Cost-wise, the 3Com is your best bet (add $169 to the WatchGuard to upgrade to 25 users).
In terms of functionality, the PIX would probably offer the most flexibility, but is probably the most difficult to set up.
IrishSS
02-23-2002, 06:06 PM
Ya, I read up on the PIX, and it's prolly a little overkill. I think the 3Com is gonna be the way to go. Even has an upgrade to block selectable websites. Thanks for all your help. Just wish the Dell coupons worked in the small business section now... :mad:
Jeffbx
02-24-2002, 07:16 AM
Originally posted by IrishSS
Just wish the Dell coupons worked in the small business section now...
Give it a few days - they change them pretty frequently.