Inexpensive Firewalls for SOHO Environments


For the small office environment it is just too expensive to hire a full-time person to manage an enterprise firewall. However, you can still protect your LAN to a large degree by using a few simple products. There are both hardware and software firewall solutions. For example, cable/DSL routers use NAT, which helps to hide addresses of computers on the LAN so that hackers on the Internet will find it difficult to obtain that information. That's just the first step, however. For example, if your ISP gives you a static address that is valid on the Internet, the cable or DSL modem itself can be the subject of an attack, as well as the attached router. Thus, although clients inside your LAN might not be easy to get at directly, it could be very simple to reconfigure the router using the same type of software you used to set it up in the first place!

Tip

Even if you use NAT and an inexpensive firewall, don't forget that one of the easiest ways to penetrate your LAN is to send a virus or another similar program to you as an email attachment. A good virus-checking program that is kept up-to-date with the latest virus definitions can help prevent this problem. I would recommend that you use a virus-checking program on every computer on your network, because a well-crafted virus can spread easily after it gets onto one machine on the LAN. The price you pay for a virus checker is insignificant when compared to the cost of restoring data, which itself may have been corrupted weeks or months before you discover the virus.

Hardware Solutions

Hardware firewalls are more expensive than software firewalls because the actual hardware itself costs more to produce. Software products can be replicated for a few dollars, including packaging. However, a hardware-based firewall is not beyond the reach of a SOHO environment. You just need to be sure that the firewall you purchase performs well, as described earlier in this chapter, and that the firmware can be upgraded when necessary. The latter may not be possible on an inexpensive hardware firewall, but it is a good feature to look for when making a purchase.

Following is a list of some typical hardware-based firewalls. This is not meant to be an exhaustive list or a recommended list, but instead is presented here to give you an idea of the variety of products available:

  • WatchGuard SOHO and Firebox SOHO Security Appliance (www.watchguard.com). This company offers firewalls that range from SOHO appliances to enterprise-scale firewall devices. The WatchGuard Firebox SOHO 6tc, which comes with a 10-user license, can be had for around $500. This product offers VPN functionality, stateful packet filtering, and Web content filtering, among other features. Antivirus software is also included. To purchase this product, read the technical literature at the Web site and then select a reseller, or an online distributor recommended by the company.

  • D-Link (www.dlink.com). This venerable manufacturer of inexpensive routers, switches, and other hardware products that fit in well with a SOHO environment also has several SOHO firewall appliances that vary in price and capabilities. Prices range from around $90 to $250. You can make a purchase online at D-Link's Web site, or from many online Web vendors. Even the low end of this line supports VPNs, intruder logging, and stateful inspection, among other features.

  • Sonicwall (www.sonicwall.com). From SOHO to enterprise networks, this manufacturer has a solution. At the low end you can get a firewall appliance for about $400-$500. It includes stateful inspection in addition to the other standard firewall techniques, such as packet filtering, VPNs, and proxies. This product is sold through third-party resellers, and the Web site lets you choose by state so that you can find a local reseller. You can also call the sales office to find a reseller.

Tip

Although I don't usually recommend where to purchase network devices or software, I will in this case. After you have read the specifications for a firewall appliance you would like to purchase, it doesn't hurt to search the Internet to find a good price. Most of the discount sites, such as www.buy.com, will enable you to get the product at a discount off the manufacturer's suggested retail price. Oh, watch out for those shipping charges, though! Another feature that similar Web sites offer is a rating for each vendor. Don't necessarily go for the lowest price. Read about other users' experiences before you choose a reseller. I also suggest that you visit www.tomshardware.com, which is a great site that reviews all sorts of network and computer products. This site's reviews might just help you decide which product to purchase.

Software Solutions

Many firewall solutions are based on software. One of the problems with this approach is that you must purchase a copy for each computer on the network, though this is not always the case. You can also set up one of your computers to act as a router for other computers, but this process can be complicated if you are not computer savvy. Yet a software solution that also includes an antivirus program may well be worth the cost. Windows XP also comes with a very basic packet filtering firewall, but this simple firewall does not go far in protecting your LAN. Other techniques discussed earlier in this chapter should be part of a software solution.

Some software firewalls to consider are listed here:

  • ZoneAlarm (www.zonealarm.com). You can download a limited version of this firewall for testing, at no cost. This Web site also has a questionnaire that you can fill out if you decide to purchase the product. After you answer a few simple questions, this Web site can suggest which version you should purchase.

  • Norton Internet Security 2003 (www.symantec.com). Includes intrusion detection, standard application (port) blocking, and other useful features. You can also purchase this product bundled with other Norton products, such as its antivirus software. This product and bundled products are readily available at your local computer store.

  • McAfee Personal Firewall Plus (www.mcafee.com). A basic, easy-to-use firewall solution that should be used in conjunction with a separate product for virus protection, such as McAfee VirusScan Online. You can usually find this at your local computer store, as separate products, or bundled together so that you can save money.

  • Sygate Personal Firewall Pro (www.sygate.com). A good solution that offers some features that other similar products do not. Intrusion detection, VPN support, and automatic termination of known Trojan horse programs are part of this firewall, among others.

Using Both Hardware and Software Firewalls

As mentioned earlier in this chapter, Windows XP comes with a simple packet filter firewall. This basic capability simply enables you to block ports (incoming or outgoing) based on basic packet filtering. It doesn't include proxies or stateful inspection. However, if you are using Windows XP, it doesn't hurt to configure this firewall on your XP machines to further control access, whether or not you have employed another firewall technique. But don't count on this as the only protection between your computer and the Internet.
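The difference between basic packet filtering and stateful inspection, as a simplified model added here for illustration (it is not from the book and does not reproduce any product's code). The addresses, ports and the static rule are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool  # True when the packet leaves the LAN

# Constructed static rule: to let Web replies back in, a stateless filter
# has to admit any inbound packet whose source port is 80 or 443.
STATIC_ALLOWED_SOURCE_PORTS = {80, 443}

def static_filter(pkt: Packet) -> bool:
    """Basic packet filtering: each packet is judged on its own header."""
    if pkt.outbound:
        return True
    return pkt.sport in STATIC_ALLOWED_SOURCE_PORTS

class StatefulFilter:
    """Stateful inspection: inbound traffic must match a flow the LAN opened."""
    def __init__(self):
        self.flows = set()

    def allow(self, pkt: Packet) -> bool:
        if pkt.outbound:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # An inbound packet is a reply only if it mirrors a recorded flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def evaluate(packets):
    """Return (static verdict, stateful verdict) for each packet in order."""
    stateful = StatefulFilter()
    return [(static_filter(p), stateful.allow(p)) for p in packets]

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("192.168.1.10", 50000, "203.0.113.5", 80, True),   # client opens a Web connection
    Packet("203.0.113.5", 80, "192.168.1.10", 50000, False),  # genuine reply to that connection
    Packet("198.51.100.7", 80, "192.168.1.10", 3389, False),  # unsolicited, but source port is 80
    Packet("198.51.100.7", 40000, "192.168.1.10", 445, False) # unsolicited, ordinary source port
]

if __name__ == "__main__":
    for pkt, (static_ok, stateful_ok) in zip(SAMPLE, evaluate(SAMPLE)):
        print(pkt, "static:", static_ok, "stateful:", stateful_ok)
```

The third packet is the case that matters: the static rule cannot tell it from a reply, while the stateful filter drops it because no LAN host opened that flow.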

To provide a greater degree of security, you might want to use both a hardware and a software solution. Use the hardware firewall appliance as the front end of the network by attaching it to your broadband connection. Then use a software firewall package on the computer(s) in your network.

Whichever you choose, keep in mind that no firewall can provide a complete solution to protect a network from outsiders. New viruses, Trojan horse programs, and the like are being created every day. All antivirus and firewall devices/software should have an update feature that you can use to download new software and virus definitions on a frequent basis. This type of service typically comes free for the first year, and then you can pay a small fee for following years.



Upgrading and Repairing Networks
Upgrading and Repairing Networks (5th Edition)
ISBN: 078973530X
EAN: 2147483647
Year: 2003
Pages: 434
