RE: Security for new small company

From: David Ellis (dellis@unicam.com)
Date: 01/15/02


From: David Ellis <dellis@unicam.com>
To: "'Keith T. Morgan'" <keith.morgan@terradon.com>
Date: Tue, 15 Jan 2002 14:26:58 -0500

That is also a good suggestion which I believe in, but you must have a solid
understanding of the OS. Misconfigured firewalls can cause havoc. But a
hardened Linux box doing IP masquerading, ipchains, and iptables, with SSH,
and hardened with a solid routing table and 4 network cards can make for a
decent firewall.

Sincerely,

David Ellis
Systems Engineer
MCSE, CCSE, CCNA, CCA
Tecnomatix - Unicam Inc.

-----Original Message-----
From: Keith T. Morgan [mailto:keith.morgan@terradon.com]
Sent: Monday, January 14, 2002 12:32 PM
To: David Ellis; Chip McClure
Cc: security-basics@securityfocus.com
Subject: RE: Security for new small company

Linux or BSD based firewalls are also an option. There would be no
licensing cost, but it would require the use of a computer as these are not
hardware solutions.

If you have someone with a little Linux or BSD expertise around, this can be
a very cost-effective and feature-rich direction.

-----Original Message-----
From: David Ellis [mailto:dellis@unicam.com]
Sent: Friday, January 11, 2002 2:31 PM
To: 'Chip McClure'
Cc: security-basics@securityfocus.com
Subject: RE: Security for new small company

Hi, in regards to your statement about a Netgear router: a device that does
NAT and port forwarding is not a firewall. Easily hackable. There is no
rulebase in one of those things. You could easily get the Cisco PIX or, as I
prefer, a Checkpoint FW1 for small business. I am very big on Checkpoint and
it has got a lot more features than a Cisco PIX.

Sincerely,

David Ellis
Systems/Security Engineer
MCSE, CCSE, CCNA, CCA

-----Original Message-----
From: Chip McClure [mailto:vhm3@hades.gigguardian.com]
Sent: Thursday, January 10, 2002 1:06 PM
To: Ben
Cc: security-basics@securityfocus.com
Subject: Re: Security for new small company

Hello Ben,

A lot of it depends on your budget for the resources you need. If you plan
on keeping the DSL connection to your office, not expanding to a
fractional or full T1, I'd recommend the Netgear line of firewall /
routers. I personally use a Netgear RO-318 for my home office, and it does
a great job. I do my own email, and web site from here as well. It is a
very inexpensive solution (around $175), and allows for full NAT (for a
/24 subnet) and port redirection. Also allows for 1 computer to have all
traffic inbound sent to it.

I'd honestly stay away from Windows software based firewalls if it is at
all possible.

Chip

- -----
Chip McClure
Sr. Unix Administrator
GigGuardian, Inc.

http://www.gigguardian.com/
- -----

On 9 Jan 2002, Ben wrote:

>
>
> Hi,
>
> I work for a new small company, and have been
> asked to look into security with regard to our LAN and
> web connection. I am from a technical background
> but could do with some advice in the security area.
>
> Our LAN is a W2K domain with 10 clients all running
> Win2k. We are going to have a DSL connection put in
> soon and I'm thinking about firewalls and
> server 'locking down'.
>
> Ideally we would like a hardware solution for the
> firewall; at present our website + email is with a
> hosting company. Within 12-18 months though this
> may change to hosting the site + email ourselves.
>
> Could anybody recommend firewalls/security
> products - and whatever solution we go for, what
> must they be able to do?
>
> Many thanks
>
> Ben
>
