James,

Just to add a bit to what others have said, if your friend is cost constrained, going open source à la OpenBSD, FreeBSD, Linux, etc. will no doubt be the cheapest in terms of immediate cost. An additional option is the Cisco firewall feature set; it may require your friend to purchase additional software from Cisco, which would be more expensive than the open source option.

I agree completely with others, having some sort of firewall in place is the _minimum_ required for any business to connect to the Internet. Not having at least a firewall borders on criminal facilitation and in the very near future we are going to start seeing companies held liable for not exercising due diligence with regard to basic security measures if their sites are used to attack other sites.

Having said this, unless your friend knows specifically what they are doing, putting a firewall in place may not help. They may configure it incorrectly or the server may have been compromised through "legitimate" traffic such as an IIS exploit. If the server is being used as the company's web server, putting a firewall in place might not help; they'll have to apply appropriate patches to the server or it will just be compromised again.

My advice to your friend is to buy a good book on implementing network security soup to nuts including writing policies, securing perimeters, etc. It may seem like overkill for such a small network, but someone who doesn't understand the big picture is bound to end up leaving holes that will be exploited later. One book I've seen that looks good in this regard is "Inside network perimeter security" by Northcutt:

In the meantime I would suggest your friend do the following:

1) Put a filter on his router blocking everything except necessary services, guidelines are on CCO in this regard or they can check out phrack issue 55:
2) Make sure both clients and server have the most current patch levels
3) Disable any services that are not required on the server, there is information on how to do this all over the web
4) Get a syslog server and log any denied packets from the router to the syslog server. There are syslog daemons available for Windows that can be used for a limited time for free. Syslog is standard on any Unix-like platform.

Your friend can do these measures right now for no cost and minimal effort. Then they can research installing a firewall and read up on additional prudent security measures.

A couple of good sites that might also help:

http://www.infosyssec.net/
http://www.cisecurity.org/
http://www.sans.org/newlook/home.php

HTH,
Kent

At 09:14 PM 11/22/2002 +0000, James Gruggett wrote:
>I have a friend that has a T1 going into his 1700 series Cisco router.
>His ISP has stated that someone has hacked into his Win2k server and
>that he must put a firewall in place.
>
>Do you recommend a software or hardware based firewall and what type.
>
>The network consists of 1 server, 1 switch, and 10 workstations.
>
>
>Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58067&t=57893
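
As an added illustration of step 4 in the message above (not part of Kent's message or the original thread): one way to summarize the router's denied-packet messages once they reach the syslog server. It assumes the lines arrive in the IOS `%SEC-6-IPACCESSLOGP` form for TCP/UDP; the sample lines, addresses and function names are constructed for this example.

```python
import re
from collections import Counter

# Assumed format: the %SEC-6-IPACCESSLOGP message IOS emits for TCP/UDP
# packets that match an ACL entry carrying the "log" keyword.
DENY_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Nov 22 21:30:01 192.0.2.1 45: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4312) -> 198.51.100.10(445), 1 packet
Nov 22 21:30:09 192.0.2.1 46: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4313) -> 198.51.100.10(139), 1 packet
Nov 22 21:31:40 192.0.2.1 47: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.44(1029) -> 198.51.100.10(1434), 3 packets
Nov 22 21:35:01 192.0.2.1 48: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4312) -> 198.51.100.10(445), 12 packets
Nov 22 21:36:10 192.0.2.1 49: %SYS-5-CONFIG_I: Configured from console by vty0
"""


def summarize_denies(log_text):
    """Return (packets per source, packets per (proto, dst port), unparsed lines)."""
    by_source, by_service, unparsed = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            if line.strip():
                unparsed.append(line)  # keep non-ACL lines visible, don't drop silently
            continue
        packets = int(m["count"])
        by_source[m["src"]] += packets
        by_service[(m["proto"], int(m["dport"]))] += packets
    return by_source, by_service, unparsed


def noisy_sources(by_source, threshold):
    """Sources whose denied-packet total meets the threshold, busiest first."""
    return [(s, n) for s, n in by_source.most_common() if n >= threshold]


if __name__ == "__main__":
    sources, services, other = summarize_denies(SAMPLE_LOG)
    for src, n in noisy_sources(sources, 5):
        print(f"{src}: {n} denied packets")
    for (proto, port), n in services.most_common():
        print(f"{proto}/{port}: {n} denied packets")
    print(f"{len(other)} non-ACL line(s) skipped")
```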

