Re: Linksys BEFSX41 vs. high end firewalls

From: MyndPhlyp (notreally_at_home.now)
Date: 12/02/03


Date: Tue, 02 Dec 2003 01:24:13 GMT


"Mig" <ebthor@hotmail.com> wrote in message
news:ced2434b.0312011600.474cad2a@posting.google.com...
> I have a small medical office customer that is trying to save money
> wherever possible and want an inexpensive router for DSL internet
> access. We want to stay within HIPAA guidelines, but I can't really
> figure out if we need a high end unit like the Cisco Pix series, or if
> the firewall in the BEFSX41 is sufficient. Some of the features it
> advertises are:
>
> Protects PCs from Ping of Death, SYN Flood, Land Attacks, IP Spoofing,
> and Other DoS (Denial of Service) Attacks
> The Router can be configured to limit internal users' Internet access
> based on URLs and/or time periods - URL filtering and time filtering.
> For enhanced protection against intruders from the Internet, the
> Router features an advanced Stateful Packet Inspection firewall.
>
> Can anyone offer some advice on the matter?

Most Internet router/firewall devices offer protection against DoS attacks.
But that isn't a concern of HIPAA.

The BEFSX41 has a Block WAN Requests feature (as does the even lower end
BEFSR41) that effectively halts inbound requests for services.

SPI is (at least from what I've been told by the product manager for the
BEFSX41) still alive and well in this unit. It was disabled in other units
due to problems. There is no option for enabling or disabling SPI on the
BEFSX41.

On the outbound side, your quotation above has some marketing fluff that
should be ignored - specifically the bit about limiting the internal user's
access based on URLs. There are a very small number of entries that can be
configured into the BEFSX41 making this feature rather useless. From
personal experience, it caused more problems than it solved.

The time of day limiting feature is of some benefit, but it is a global
setting as opposed to a MAC address or IP address setting. Setting time
constraints will affect everybody on the LAN.

There is a port filtering option, again with a very limited number of slots
for configuring. What you will have a real problem with is implementing a "block
everything except ..." type of configuration if you require something as
basic as FTP for file downloads and uploads. If the ports you use are for
services that do not change port numbers after the initial connection, it
may work for you. At the very least, you can block the Microsoft Networking
and other rather noisy machine advertising from escaping to the Internet.

HIPAA, however, is more concerned with access to confidential data. Your
plan should start with the basics. Focus on the human element and the
workplace environment. Only then can you formulate what the firewall should
do. (For example, how would you prevent Mrs. Jane Doe from uploading a file
containing patient records to an FTP server somewhere out on the Internet
and then selling or publishing that information? What tools would be
available to track down the perpetrator should such an event occur?)

You may find, after a more thorough examination of your situation, that
Internet access should be allowed to very few on the network and even then
on a most limited basis.
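
The port-filtering point in the post above (a "block everything except ..." list breaks services that change port numbers after the initial connection) can be seen with passive FTP. This is an added example, not part of the original post and not Linksys code: the filter class, its slot limit and the sample reply are assumptions made for illustration; only the RFC 959 `227` reply format is standard.

```python
import re

class StaticEgressFilter:
    """Hypothetical model of a static outbound 'block everything except' list.
    max_slots is an assumed figure, not a documented BEFSX41 limit."""
    def __init__(self, allowed_ports, max_slots=5):
        if len(allowed_ports) > max_slots:
            raise ValueError("more rules than the device has filter slots")
        self.allowed = frozenset(allowed_ports)

    def permits(self, dst_port):
        # Stateless check: only the destination port is examined, with no
        # knowledge of what an earlier connection negotiated.
        return dst_port in self.allowed

PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) from an RFC 959 '227' passive-mode reply."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range")
    h1, h2, h3, h4, p1, p2 = nums
    # The data port is carried as two bytes, high byte first.
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def ftp_session_outcome(fw, pasv_reply, control_port=21):
    """Report which legs of a passive FTP transfer the filter lets out."""
    _, data_port = parse_pasv(pasv_reply)
    return {"control": fw.permits(control_port),
            "data_port": data_port,
            "data": fw.permits(data_port)}

# Constructed sample reply; 192.0.2.10 is a documentation address.
SAMPLE = "227 Entering Passive Mode (192,0,2,10,195,80)"

if __name__ == "__main__":
    fw = StaticEgressFilter({21, 25, 80, 110, 443})
    # The control connection to port 21 passes, but the server-chosen data
    # port is not on the list, so the listing or transfer never starts.
    print(ftp_session_outcome(fw, SAMPLE))
```
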


