There are several options for a small business to obtain inexpensive protection...
A couple of methods: 1. If you have a small number of machines to protect you can use one of the private software firewall on the market (such as BlackICE or ZoneAlarm) and at least have some filtering in place (if you use the "commercial" versions - not the free ones - you can also do email attachment filtering). I personally am using the pay version of the ZoneAlarm software as a secondary firewall on my machine and have not been hit with any of the virus attachments to date because of the attachment filtering). 2. Use a SOHO firewall product such as been previously suggested although I would add the WatchGuard SOHO to the list as well. They have released a new version of their software (firmware) for the product and it has all sorts of added features you find on more expensive firewalls and is easy to administer (read: you don't need to be a Masters Degree in Computer Science to set it up and use it) - it even has the capability to allow remote users to access the trusted side of the network using IPSec VPN. 3. The least method would be using a Network Address Translation(NAT) router or Port Address Translation (PAT) router with internal private network addresses for your network - but - you are relying on your ISP NOT to pass the private network addresses through their routers to preclude direct hack attempts (can be done but not as easily as some would lead to believe - you have to steal the TCP session to do it)... I realize most small businesses getting started do not have the capital to invest in a medium range firewall and the above are suggestions I give a small business - most can be implemented by someone with a basic knowledge of firewall security practices for less than $600 or so - of course it is more expensive if you have someone do the configuration and installation... Personally I tend to lean towards the WatchGuard SOHO solution myself (and use one too) as it seems to have the greatest number of features (especially the IPSec VPN capabilities for remote connections) and it can be setup and used by most anyone (uses a web-based configuration menu or can be remotely administered through an IPSec VPN link using WatchGuard's remote management software - but the SOHO has to be configured for that first since there is a shared pass-phrase used for the IPSec key generation)... Of course - all of the above is for naught if things are not configured correctly - even on the big firewalls.... just food for thought... Gary N. McKinney, WGCP > -----Original Message----- > From: Vachon, Scott [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 14, 2002 12:38 PM > To: [EMAIL PROTECTED] > Subject: RE: Security for new small company > > > >In regards to your statement about a netgear router. A device that does > >nat and port forwarding is not a firewall. > > It is not a "true" firewall, though it is marketed as one. > > > Easily hackable. > > Can you point us to evidence to support this statement ? > > >There is no rulebase in one of those things. > > Not true. The Netgear routers do allow one to implement a rulebase via the > CLI. > > >You could easily get the cisco pix or as I prefer a checkpoint FW1 for > small business. I am very big on checkpoint and it has got a lot more > features then a cisco pix. > > Easily get ? You are assuming that a small business can " > > 1) Afford a PIX or Checkpoint FW > 2) Afford training so as to properly administrate devices from #1. > 3) Afford to hire a person proficient on #1. > > IMHO , a small business could do very well with one of the SOHO NATting > devices. They could further enhance the protection by ensuing all the host > systems have the latest patches, and up-to-date anti-virus > software running. > Yes, you are correct that PIX and FW-1 are better but, the key word was > "small business." > > ~S~ > > Disclaimer: My own two cents ! >
