  • Firewalls

    What is the best firewall to use?

  • #2
    Re: Firewalls

    Originally posted by corry20
    What is the best firewall to use?
    Do you have any idea how broad of a question that is? Are you talking personal or for a business? If for a business, then you'll need to specify a lot more than what you did.

    audit


    • #3
      Re: Firewalls

      Originally posted by corry20
      What is the best firewall to use?
      Buy either a Pix, Sidewinder, or Checkpoint Nokia appliance. They should take care of your needs.
      perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'


      • #4
        I was looking at physical firewalls to use here at the house. I was wondering if anyone has a cost-effective solution that beats the software firewalls.
        ~:CK:~
        I would like to meet a 1 to keep my 0 company.


        • #5
          Old box + Linux


          • #6
            Originally posted by DrStrangeCheese
            Old box + Linux
            The iptables thing, I am guessing. I got an old P3 500 around; I suppose it should be put to use.
            ~:CK:~
            I would like to meet a 1 to keep my 0 company.


            • #7
              Hey ck3k...

              Do you have a configuration for iptables?
              I wish to ask for a copy from you. Is it okay to have one?

              Thanks buddy :D


              • #8
                I will try and get around to it. I might also be running sniffers off of the box, so the smaller the better. Thanks again everyone, and no, I don't have a config for iptables... had dial-up my whole life until a few days ago.
                ~:CK:~
                I would like to meet a 1 to keep my 0 company.


                • #9
                  Just one more thing to add.

                  IPTABLES Config Wizard


                  • #10
                    Depends what you want...
                    Safer generally means slower and less accessible.
                    Well known brands are better documented for bugs and hacks.

                    Hell.. these days you can even buy a gen 3 stateful inspection firewall for less than $70.00


                    • #11
                      I usually recommend the SMB Barricade to my SOHO customers. Something like the SMC7004ABR.

                      Benefits:
                      - Painless installation that works with external modem, DSL, or cable modem.
                      - Includes DHCP server (for those folks who don't run their own internal DNS -- and manually managing /etc/hosts is just nuts).
                      - Includes an lpd that turns the printer into a network printer! No more printing through someone's Windows shares.
                      - No known exploits. There have been a few minor risks from internal, but nothing external.
                      - Inexpensive. Amazon, et al. have it for under $80.

                      I generally stay away from "old Linux box" solutions for a few reasons:
                      1. Size/power. An old computer is big, bulky, and takes up significant physical space and electricity compared to something like the SMC, Linksys, or NetGear home firewall solutions.
                      2. Maintenance. You need to keep up with the patches! And hard drives/fans fail over time. The home firewall solutions have no moving parts = much less risk of failure.
                      3. Risk factor. It's still a "computer". I've seen black-hats compromise them and install IRC servers, back doors, etc.
                      4. Cost. Assuming your time is worth something, it will probably take a few hours to blow on Linux and configure the system to your liking. If you're really talented and have done it before, I'd guess 2 hours. (2 hours at a cheap $40/hr is still $80.) You cannot beat the home firewall cost.

                      NOTE: If you are talking for a big company, or a home with special needs (e.g., NetMeeting, or other services that require every port to be open), then I'd start looking at Cisco for the feature set. (If you can afford Cisco, then go that way, otherwise just look for the features you want and then aim toward less expensive vendors...)


                      • #12
                        I love my PIX 501

                        Granted, it's not the most intuitive (which CLI firewall rulesets are?), but it works well for what I'm looking for.
                        “Bigamy is having one wife too many. Monogamy is the same.”


                        • #13
                          Was recently quoted Sidewinder + support for around 3k. If you have that kind of money to blow....


                          • #14
                            There are many howtos on building OpenBSD (http://openbsd.org) firewalls using PF. I use them at home for my honeynet and they run on old 486s and 133s very well. Also use them as Snort nodes etc.

                            http://www.muine.org/~hoang/openpf.html

                            http://homepages.gold.ac.uk/veghead/wot/openbsd.html

                            You can also run a firewall off of a bootable 'live CD' distro as another alternative.


                            -J-
                            =============<>

                            (150+ security tools on a bootable CD fitting on a miniCD.)
                            "Proving no 127.0.0.1 is safe."


                            • #15
                              Originally posted by guano
                              I usually recommend the SMB Barricade to my SOHO customers. Something like the SMC7004ABR.
                              Not a bad box at all, IMHO. If you can stretch your budget to around $400 though, I'd recommend the Cisco Pix 501. They're very configurable, highly reliable, and support VPN access.
