Security Basics mailing list archives

Re: client firewall recommendations


From: Dana Rawson <absolutezero273c () nzoomail com>
Date: 7 Oct 2003 15:16:52 -0000

In-Reply-To: <21B8E7FD17E4D5119059000102703B6C05F56026 () dnant10 denver-rmn com>

Eric,

Thank you! I will have to recommend to him the PIX as his network does contain sensitive client data.

Regards.

I would point out that the configuration options of a SoHo router/firewall
are very limited.  The EtherFast router/firewall has limited options for
firewall configuration (basically just a port-forward in a NAT with no
options).  It does provide DMZ, but I don't believe you can customize the
configuration beyond that.  The IDS logging capability is seriously lacking
in this type of SoHo router, and its ability to do really useful things
like host-specific firewall rules and stateful packet inspection is
nonexistent.

These are reasons to choose a "real" firewall like a PIX instead of a home
office solution.  If the user only needs the most basic port-forwarding for a
small number of non-critical services and not much else, then this router is
fine, but for Enterprise class networks, critical systems or sensitive data,
a "home gateway" such as this is definitely not acceptable.

Eric Hagen
