figuring out which firewall based on the following

Discussion in 'other firewalls' started by techiecool, Jun 26, 2004.

Thread Status:
Not open for further replies.
  1. techiecool

    techiecool Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    10
    to start off, i am a dba/programmer but not very networking/security savvy. currently i have one XP pro machine running that uses a cable connection. in the next week i will be adding a server 2003 machine. i plan to buy a dlink wireless router which i will keep next to the xp machine (use lan ports) and the 2k3 machine will be wireless (simpler for printing purposes). both machines are amd 2500 bartons w/ 512M Ram.

    will the hardware firewall in the dlink be enough? i also want to be able to have some type of blacklist of sites that can be accessed. we have a fortinet firewall at work and most porn/problem sites are banned through the blacklist. this is for the kids' safety.

    If it's a software firewall, it would be nice to be able to admin it through the lan (2 PCs).

    in that same token, i am also looking for AV as well. if you would happen to have any suggestions.

    also, i really am not a fan of ZA or NAV. way too resource intensive. i'd prefer to know it's running but not feel it running.
    thanks and cool forum.
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi techiecool

    ... and welcome to Wilders :).

    The router will do fine in blocking unsolicited inbound traffic.
    If application control is a concern, then you would want to consider running a software firewall on the LAN systems.

    A simple method is using a Hosts file for this. hpguru's Hosts File or MVP Hosts File. These are maintained and updated regularly (usually posted in the update forum) and you can always add to the list yourself.

    You should also check out Javacool Software SpywareBlaster and SpywareGuard to help keep family surfing safe.

    Before making suggestions for a firewall, what are your plans for the 2003 Server system? Running any services?

    To start you out looking for an AV: Nod32 and Kaspersky Lab

    I am sure others will have further suggestions for you.

    Regards,

    CrazyM
     
  3. techiecool

    techiecool Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    10
    thanks CrazyM. developing apps is cool, but i have always viewed security as the true chess match in IT. and i am really finding it interesting to do research in this area.

    2003 server will primarily be run as my .Net development machine. 2003 server will operate behind the firewall and not have any public services.

    will a hosts file be uploadable into a firewall? also how do you exempt sites in the hosts file?
     
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    With the server having no special requirements have you considered what features and type of software firewall you will want to run on the LAN systems? The remote admin function may limit your choices.

    While you could have a long list of sites/rules in a firewall, the hosts file is much simpler to maintain on each system and uses no resources. My preference is to keep firewall rule sets small and focused on specific allow rules and deny everything else.

    The hosts files mentioned consist of a list of known undesirable sites and route any connection attempts to them to localhost (127.0.0.1), thus not allowing connections. If you should need to get to a site that is in the hosts file, you can remove it from the list or comment it out. The hosts file is great in this regard as it allows you to edit it to your heart's content.

    Regards,

    CrazyM
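
The exemption step described in the post above (remove an entry or comment it out), as an added example that is not part of the original thread. The sample file and its example.* domains are constructed, the function names are hypothetical, and 0.0.0.0 is assumed as a second sink address alongside the 127.0.0.1 mentioned in the post.

```python
# Added example: exempt sites from a hosts-file blocklist by commenting them out.
SAMPLE_HOSTS = """\
# constructed sample in hosts-file format (placeholder domains)
127.0.0.1 localhost
127.0.0.1 ads.example.com   # ad server
127.0.0.1 tracker.example.net www.tracker.example.net
0.0.0.0   bad.example.org
192.168.0.10 devserver
"""

SINK_ADDRS = {"127.0.0.1", "0.0.0.0"}  # 0.0.0.0 is an assumption, see lead-in
KEEP = {"localhost"}                    # the loopback name is not a block entry

def parse_line(line):
    """Return (address, [hostnames]) for an active entry, else None."""
    body = line.split("#", 1)[0].split()   # drop inline and full-line comments
    if len(body) < 2:
        return None
    return body[0], [h.lower() for h in body[1:]]

def blocked_hosts(text):
    """Hostnames that an active entry redirects to a sink address."""
    out = set()
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and entry[0] in SINK_ADDRS:
            out.update(h for h in entry[1] if h not in KEEP)
    return out

def exempt(text, allow):
    """Comment out blocked names listed in `allow`; other names stay blocked.

    Matching is exact because hosts files have no wildcards: exempting
    'example.com' does not exempt 'www.example.com'.
    """
    allow = {a.lower() for a in allow}
    result = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and entry[0] in SINK_ADDRS:
            addr, hosts = entry
            hit = [h for h in hosts if h in allow]
            rest = [h for h in hosts if h not in allow]
            if hit:
                result.append(f"# exempted: {addr} {' '.join(hit)}")
                if rest:  # keep names that shared the line blocked
                    result.append(f"{addr} {' '.join(rest)}")
                continue
        result.append(line)
    return "\n".join(result) + "\n"
```

Calling `exempt(SAMPLE_HOSTS, {"tracker.example.net"})` leaves `www.tracker.example.net` blocked, which is the case that a whole-line comment-out would silently unblock.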
     
  5. techiecool

    techiecool Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    10
    in reference to using a hardware only firewall (the one w/ the wireless router), what risk would there be in regards to the lack of application control? otherwise, maybe i should put something like tiny personal firewall on each machine in addition. tiny is free isn't it? well, i guess kerio and sygate are no go for 2k3 anyway, but could be good for the xp pro machine.

    the hosts file seems to be a good simple solution. thanks for the tip.
     
  6. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    The risk would be something for you to determine on how and who is using the system and how savvy they are. You mention kids/family system, in which case you would probably want something with application control.

    The new Tiny Personal Firewall 5.0 is not free. There are desktop versions and server versions. Tiny in addition to being a firewall also has full blown application/OS sandboxing with a bit of a learning curve.

    Kerio Personal Firewall v2.15 (direct download link) is a great rule based firewall with application control. It is free and I believe has remote admin capability. Not sure if this version will work on 2k3.

    I do not believe the newer version 4.x of Kerio is compatible with 2k3.

    The Sygate site does not mention their versions being compatible with 2k3.

    Regards,

    CrazyM
     
  7. se7engreen

    se7engreen Registered Member

    Joined:
    Feb 6, 2004
    Posts:
    369
    Location:
    USA
    I'm very sure Kerio 2x will not install on a 2k3 server, although I think I've put Sygate on a 2k3 server before. They come & go so fast it's hard to remember. I guess you can take that with a grain of salt...
     
  8. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
    Hi Techie,

    I use Tiny software. I like tpf because it gives me total control over my pc. You can download the trial and test it out. I do believe that they are coming out with a newer version soon, so you may want to wait for that. Also they have a support forum where you can post your questions.
     