Security Basics mailing list archives
RE: client firewall recommendations
From: "Hagen, Eric" <ehagen () DenverNewspaperAgency com>
Date: Mon, 6 Oct 2003 16:59:39 -0600
I would point out that the configuration options of a SoHo router/firewall is very limited. The EtherFast router/firewall has limited options for firewall configuration (basically just a port-forward in a NAT with no options). It does provide DMZ, but I don't believe you can customize the configuration beyond that. The IDS logging capability is seriously lacking in this type of SoHo router, and it's ability to do really useful things like host-specific firewall rules and stateful packet inspection are nonexistant. These are reasons to choose a "real" firewall like a PIX instead of a home office soltion. If the user only needs the most basic port-forwarding for a small number of non-critical services and not much else, then this router is fine, but for Enterprise class networks, critical systems or sensitive data, a "home gateway" such as this is definately not acceptable. Eric Hagen -----Original Message----- From: Dana Rawson [mailto:absolutezero273c () nzoomail com] Sent: Monday, October 06, 2003 12:18 PM To: security-basics () securityfocus com Subject: client firewall recommendations Please forgive me for asking such a basic question, but I can't seem to find the answers I'm looking for. I have a client installing a cable modem at his business. He called me up asking if I would bless the installation of a Linksys BEFSX41 EtherFast firewall at $75 that co-workers recommended, after I recommended the Cisco PIX 501 at $500+. That would be acceptable to me if it were as secure as the PIX 501. Trouble is I haven't got experience with either product to have a preference, and I would rather not make a recommendation without having more knowledge, and possibly be held liable in the future should a security lapse occur. Is one more secure than another? Thanks in advance. --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- client firewall recommendations Dana Rawson (Oct 06)
- <Possible follow-ups>
- RE: client firewall recommendations Hagen, Eric (Oct 06)
- Re: client firewall recommendations Dana Rawson (Oct 07)
- Re: client firewall recommendations Paul Stewart (Oct 08)
- RE: client firewall recommendations HOULE, FRANCIS (Oct 21)