best Hardware Firewall?


Dug

Diamond Member
Jun 6, 2000
3,469
6
81
Where are you getting your definition of firewall?
And what feature is needed in a router to be able to call it a firewall?

Because every definition I've found so far for firewall basically describes what most consumer routers do.


 

tbates757

Golden Member
Oct 5, 2002
1,235
0
0
Originally posted by: BoberFett
Only on the internet.


Q: "So what kind of firewall should I use to protect my eMachine at home?"

A: "First you need to get rid of the eMachine and build yourself a Dual Xeon 3.06 with a Geforce 5900. Then install download an ISO of one of the linux distros. Be sure to compile it with only the options you need to conserve RAM. Then just get yourself a Cisco Catalyst and Pix."

Good one
 

mboy

Diamond Member
Jul 29, 2001
3,309
0
0
Originally posted by: Dug
Where are you getting your definition of firewall?
And what feature is needed in a router to be able to call it a firewall?

Because every definition I've found so far for firewall basically describes what most consumer routers do.

Routers ROUTE packets. Firewalls FILTER packets. All SOHO (read home use $50 Netgear, Linksys etc) are NAT boxes (some of the newer ones also incorporate SPI which makes them more of a firewall since SPI inspects the packets a little further than NAT does).
NAT itself has firewalling PROPERTIES, but is not a TRUE firewall.
Why do you think a Linksys or SMC SOHO router costs $30 and a Cisco PIX 501 or SonicWall box costs $500+?

A NAT router cannot filter packets by source, destination or service. They can only forward say port 21 to your LAN PC that has an FTP server running on it.
My SonicWall or a PIX or whatever, I can allow 1 WAN IP, a group of WAN IPs or all WAN IPs to access my FTP server, and I can do it by time of day, days of week etc. by creating rules and ACLs.
On a NAT box, u have NO choice, they all get forwarded no matter where they come from and when.
If u have multiple IPs, a firewall (or a real enterprise router) will let u create one-to-one static routes saying everything going to this public IP gets sent to this LAN PC. A SOHO NAT box can't do that (altho some newer ones with SPI have this feature).
Running a webserver? Can't do it properly with a SOHO NAT box. The DMZ there places a server on the same subnet as the LAN, that box gets hacked, they can walk right into your LAN. A TRUE DMZ places the server outside the LAN in between the WAN. Your server gets compromised, they still have to break thru your firewall to access your LAN.
Want to block websites by domain name or IP addy? Want to block IM ports, filesharing etc? Can't do it with a typical so-called SOHO NAT router firewall.

The definitions you are seeing are from the marketing depts. of the SOHO companies.

More and more of the cheap home based routers are incorporating SPI into them and allow some basic rule setting and this is def. a step in the right direction. But there is still a reason that they cost $50 instead of $500 and it ain't 'cause of the brand name.

Want a REAL firewall? My buddy manages 2 Sidewinder firewalls that run on quad processor, $80k servers (but that is for a HUGE enterprise).
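
The contrast drawn in the post above between a port forward and a rule-based filter, modeled as an added example (not part of the thread and not any vendor's rule syntax). The addresses, the rule set and the first-match, default-deny behaviour are assumptions chosen for illustration:

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Port-forward table of the kind a plain NAT box keeps: WAN port -> LAN host.
# Constructed LAN address. The table has no notion of who connects or when.
PORT_FORWARDS = {21: "192.168.1.10"}

def nat_forward(src_ip, dst_port, when):
    """Return the LAN host the packet is forwarded to; src_ip and when are ignored."""
    return PORT_FORWARDS.get(dst_port)

@dataclass
class Rule:
    action: str                              # "allow" or "deny"
    sources: tuple                           # CIDR strings
    dst_port: int
    days: frozenset = frozenset(range(7))    # Monday=0 .. Sunday=6
    hours: tuple = (0, 24)                   # [start, end) in local hours

    def matches(self, src_ip, dst_port, when):
        return (dst_port == self.dst_port
                and any(ip_address(src_ip) in ip_network(n) for n in self.sources)
                and when.weekday() in self.days
                and self.hours[0] <= when.hour < self.hours[1])

# Constructed rule set (documentation address ranges): one WAN IP at any time,
# and a group of WAN IPs on weekdays between 09:00 and 17:00 only.
ACL = [
    Rule("allow", ("203.0.113.7/32",), 21),
    Rule("allow", ("198.51.100.0/24",), 21, frozenset(range(5)), (9, 17)),
]

def firewall_filter(src_ip, dst_port, when, acl=ACL):
    """First matching rule wins; anything unmatched is denied."""
    for rule in acl:
        if rule.matches(src_ip, dst_port, when):
            return rule.action
    return "deny"

if __name__ == "__main__":
    weekday_morning = datetime(2003, 8, 20, 10, 0)   # a Wednesday
    saturday_night = datetime(2003, 8, 23, 23, 0)
    for src, when in [("192.0.2.99", weekday_morning),
                      ("198.51.100.20", weekday_morning),
                      ("198.51.100.20", saturday_night),
                      ("203.0.113.7", saturday_night)]:
        print(src, when, "NAT ->", nat_forward(src, 21, when),
              "| filter ->", firewall_filter(src, 21, when))
```
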

 

BoberFett

Lifer
Oct 9, 1999
37,562
9
81
mboy

So unless it's a Sidewinder, it's not a real firewall? I've been looking at 32 way Xeon boxes from Unisys recently for work, and EMC fiber channel arrays. That's a real computer. All you pathetic wankers around here with your single processors and RAID 0 aren't really using computers.

What a joke. Get over yourself.
 

mboy

Diamond Member
Jul 29, 2001
3,309
0
0
Originally posted by: BoberFett
mboy

So unless it's a Sidewinder, it's not a real firewall? I've been looking at 32 way Xeon boxes from Unisys recently for work, and EMC fiber channel arrays. That's a real computer. All you pathetic wankers around here with your single processors and RAID 0 aren't really using computers.

What a joke. Get over yourself.

Where in my post did I say that? I was giving an extreme on a LARGE Enterprise firewall.
A Cisco PIX, a SonicWall, Checkpoint: those are firewalls. Your little $20 Linksys EtherFast router isn't.
Maybe u should get over the fact that a NAT box isn't a true firewall. Do u work for Linksys or something?

Smoothwall, altho I never used it, I hear is pretty good. A hardened linux distro turned into a firewall only.
 

thorin

Diamond Member
Oct 9, 1999
7,573
0
0
Originally posted by: BoberFett
So I guess you aren't using a computer because it doesn't have vacuum tubes and punchcards?

Definitions change. Get used to it.

The definition of a computer has nothing to do with vacuum tubes and/or punchcards.

Thorin
 

mboy

Diamond Member
Jul 29, 2001
3,309
0
0
Originally posted by: desy
OK it went around, consensus seems HW is better, like I asked, so how much is a HW firewall.
I thought of a NAT box as well but like you all said weak, they aren't opposed to spending the money she's a doctor
They already have McAfee on and updated daily which has been doing the job this last week detecting and deleting files.
I just wanted to know what was the best bang for buck personal HW firewall.
She's not a bad user just getting a lot of hacks into her system from a cable modem, I told them they shoulda went with DSL but some never listen.


DSL or Cable makes NO difference with hack attempts.
 

BoberFett

Lifer
Oct 9, 1999
37,562
9
81
Originally posted by: mboy
Originally posted by: BoberFett
mboy

So unless it's a Sidewinder, it's not a real firewall? I've been looking at 32 way Xeon boxes from Unisys recently for work, and EMC fiber channel arrays. That's a real computer. All you pathetic wankers around here with your single processors and RAID 0 aren't really using computers.

What a joke. Get over yourself.

Where in my post did I say that? I was giving an extreme on a LARGE Enterprise firewall.
A Cisco PIX, a SonicWall, Checkpoint: those are firewalls. Your little $20 Linksys EtherFast router isn't.
Maybe u should get over the fact that a NAT box isn't a true firewall. Do u work for Linksys or something?

Smoothwall, altho I never used it, I hear is pretty good. A hardened linux distro turned into a firewall only.

You said "Want a REAL firewall? My buddy manages 2 Sidewinder firewalls that run on quad processor, $80k servers (but that is for a HUGE enterprise)."

That means anything other than a Sidewinder isn't a real firewall. Guess anybody that doesn't have one at home is screwed.
 

BoberFett

Lifer
Oct 9, 1999
37,562
9
81
Is it JUST POSSIBLE that there are different levels of firewalls? The lowest of those being cheap home routers?

I've never seen such a bunch of puckered assholes in my life. Who the hell made you lords of masters of defining computer hardware?
 

mboy

Diamond Member
Jul 29, 2001
3,309
0
0
Originally posted by: BoberFett
Is it JUST POSSIBLE that there are different levels of firewalls? The lowest of those being cheap home routers?

I've never seen such a bunch of puckered assholes in my life. Who the hell made you lords of masters of defining computer hardware?

Talk about puckered A$$hole$. AND who made u the master of defining hardware? Guess no one because u need help picking ram for a Dell server!
Do you even know the difference between ROUTING and filtering? Guess not. Your career as a network admin was over before it started. (and server admin to boot).
 

Macro2

Diamond Member
May 20, 2000
4,874
0
0
I feel so fortunate, my router can block outgoing as well as incoming...
Source address, Destination address, port, protocol etc. Ahh.

Mac
 

desy

Diamond Member
Jan 13, 2000
5,442
211
106
Seems around here DSL seems better than cable. Even the cable provider itself said after last week the bug was inside its firewall and they had trouble blocking it.
So next question is a Linksys NAT/Firewall better than SW only firewall?
 

mboy

Diamond Member
Jul 29, 2001
3,309
0
0
Originally posted by: Macro2
I feel so fortunate, my router can block outgoing as well as incoming...
Source address, Destination address, port, protocol etc. Ahh.

Mac

Then you have more than a NAT router.
 

azev

Golden Member
Jan 27, 2001
1,003
0
76
I agree with mboy, a NAT device is basically an internet sharing device. But as a bonus you get some firewall features.

Firewall: Computer Science. Any of a number of security schemes that prevent unauthorized users from gaining access to a computer network or that monitor transfers of information to and from the network.

I quote that from dictionary.com.

So, "Any of a number of security schemes that prevent unauthorized users from gaining access to a computer network": as of this section Linksys is a part firewall, but "or that monitor transfers of information to and from the network": most of the NAT devices available today don't have any type of logging that monitors packets in and out of the network.

My opinion is, Firewall can have different meanings depending on the needs.
Some people don't have a clue about forwarding ports, this and that, and some others need every possible bell and whistle that an enterprise firewall offers.

For people that only need to share their internet connections and have some sort of protection on their network, a NAT device is perfect. But if you want to have a very secured network with a lot of rules, then you need a device that will support what you need.
 

mboy

Diamond Member
Jul 29, 2001
3,309
0
0
Originally posted by: desy
Seems around here DSL seems better than cable. Even the cable provider itself said after last week the bug was inside its firewall and they had trouble blocking it.
So next question is a Linksys NAT/Firewall better than SW only firewall?

Cable on the avg is faster than DSL. I have OOL cable and I have an 8mb down 1mb up connection and it is no more or less secure than DSL (actually maybe a bit more secure than most as they block NetBIOS ports by default).

I agree with Azev btw. That's a fair assessment!

 

thorin

Diamond Member
Oct 9, 1999
7,573
0
0
Originally posted by: BoberFett
Is it JUST POSSIBLE that there are different levels of firewalls?
Yes
The lowest of those being cheap home routers?
No
I've never seen such a bunch of puckered assholes in my life. Who the hell made you lords of masters of defining computer hardware?
I AM the F'ing master of the UNIVERSE haven't you heard?

I don't see why you're getting so b!tchy just because someone suggested that your notion of something was technically incorrect. Perhaps the word Firewall will become similar to the misuse of the acronym PC, since a Mac definitely is a Personal Computer but that doesn't make it any more correct to refer to only Wintel (AMD et al, etc....) boxes as PCs. Simply because the majority of Joe Averages on the planet make a mistake doesn't mean it has to be accepted does it? Nor does it make it correct.

I may refer to something as a filling but if my dentist corrects me and tells me it's a cap I can accept that ..... but I guess some people just have to argue. (That's a poor example but you should get the point)

Originally posted by: desy
Seems around here DSL seems better than cable. Even the cable provider itself said after last week the bug was inside its firewall and they had trouble blocking it.
That's truly sad.
So next question is a Linksys NAT/Firewall better than SW only firewall?
Firewall yes (ie: BEFSX41) but router that supports NAT (ie: BEFSR41) not necessarily. Your best bet is either a HW Firewall (like the SX) or a Router that does NAT (like the SR) and a SW Firewall (make sure you get one that does both inbound and outbound traffic ... more info).

Thorin
 

BoberFett

Lifer
Oct 9, 1999
37,562
9
81
Originally posted by: mboy
Talk about puckered A$$hole$. AND who made u the master of defining hardware? Guess no one because u need help picking ram for a Dell server!
Do you even know the difference between ROUTING and filtering? Guess not. Your career as a network admin was over before it started. (and server admin to boot).

Wow, talk about a jerkoff with no life. Stalk much? Would you like to dig through my garbage? I can send you my old underwear so you can sniff it, you freak.
 

BoberFett

Lifer
Oct 9, 1999
37,562
9
81
Thorin

5th reply to this thread. By you. In big CAPITAL LETTERS! You got rather upset at the notion that somebody was trying to pass off a home broadband router as having firewall capabilities. Who's bitchy?
 

addragyn

Golden Member
Sep 21, 2000
1,198
0
0
Originally posted by: WarCon
Surprised no one suggested digging out an old Pentium/Pentium II class machine out of the trash or from some place like Goodwill for $25 and putting two cheap NIC's in it and setting up a secured Linux box. Be pretty cheap, just needs a bit of Linux expertise.

P.S. if anyone has a quick setup guide for something like this I would appreciate it as I am not good in Linux. (Can barely get it installed and hooked to the internet before I give up on it )

Isn't it ironic?

Try smoothwall, SCO, e-smith, or clarkconnect.
 

Sunner

Elite Member
Oct 9, 1999
11,641
0
76
BoberFett, so tell us, what do you do for a living?
Security expert?
Network tech/admin?
Programmer over at Checkpoint?

I'm just curious, since you obviously know more about this than a lot of other people, who most definitely should know a lot about this.

Oh and would you consider for example a Catalyst a firewall, given that it has access lists and such?
 

Macro2

Diamond Member
May 20, 2000
4,874
0
0
RE: "Then you have more than a NAT router"

Oh, it will do NAT. It also has an IOS (operating system) and is very configurable. Then again, you have to learn how to configure it. Some company named Cisco makes it...
 

Johnbear007

Diamond Member
Jul 1, 2002
4,570
0
0
The stupid thing about telling the average home user that they need a 300$ plus firewall is that they have nothing they REALLY need to protect, on the average.

It's like putting in a 300K$ security system on a 20K$ house. There isn't anything to REALLY protect for most home users. I know there are exceptions, but there isn't any reason why ZoneAlarm + a router that does NAT is not sufficient for most home users.
 