Security Basics mailing list archives

Re: What firewall for small medical research lab


From: "Pankaj Miglani" <pankaj.miglani () gmail com>
Date: Fri, 12 May 2006 10:13:22 +0530

Hi,
You could also check out iPolicy intrusion prevention firewall. A small
2200 box would be best suited for you with the kind of SAMs available
and the kind of performance it offers.

Check it out on www.ipolicynet.com

Regards,
Pankaj


2006/4/27, rmillisl () millis-it com <rmillisl () millis-it com>:
> I have been asked to research what good, low cost, firewall solutions
> might prove suitable for a medical research lab at a local University to
> protect confidential patient data from outsiders.
>
> In addition to other research I thought I would ask here.
>
> I realize a firewall is just one component of an overall security policy /
> implementation.
>
> Basically what is needed is a simple NAT box that generally keeps
> outsiders out, and allows authorized lab servers and workstations to
> access certain services out on the main building network (DNS, IMAP, POP,
> SMTP, HTTP, HTTPS, FTP, SSH) and through that network to the Internet
> (through the main building campus/network).
>
> Cost is a very important factor so suggested solutions have been:
>
> - Pay someone to set up a PC based firewall running on surplus hardware
> using either Fedora Core 5 and Shorewall 3.0.6 (to allow easy
> configuration of iptables rules).  The hardware and software cost are low.
> The time could add up. I have considerable experience with this so this
> would be the lowest learning curve. Problem is Fedora with its frequent
> updates may make managing this more of a chore.
>
> - Pay someone to set up a PC based firewall running on surplus hardware
> using either OpenBSD 3.7 or 3.8 and pf. The hardware and software cost are
> low. The time could add up. I have some OpenBSD experience and no pf
> background.
>
> - Pay someone to set up a Linksys or D-Link broadband
> switch/firewall/router. The hardware cost is low. The time to set up may
> be minimal (Plug&Play + some common sense and provided firewall/filter
> capabilities). Are these a serious and secure enough solution?
>
> - Some other low cost hardware or software based alternative. What else
> might be out there that I don't know about that might be comparable in
> cost to the D-Link or Linksys options.
>
> The PC based solutions I personally have the most confidence in with
> respect to hand crafting a minimal OS build and hardening and patching the
> OS and doing rules mostly by hand. With pf there is some concern of errors
> introduced due to learning curve.
>
> Comments? Suggestions?
>
>


--
Homepage: http://www.lwang.org
mailto:abryson () bytefocus com


