Re: Is Netgear FVS318 a "true" firewall?

From: Mark (nothere_at_notthere.com)
Date: 06/21/05


Date: 20 Jun 2005 18:48:03 -0500

I'd also pick holes in this statement: "Intrusion Detection features".

Netgear (and Cisco) misuse the terminology.

If AV and spyware are a concern I would point you to a more sophisticated
solution, such as a Netscreen, Sonicwall, or Fortinet appliance (my fav is
Sonicwall at the moment). Using the Sonicwall as an example it has true
Intrusion Prevention, Gateway AV which adds a nice second layer of AV (but
you should always keep desktop/server AV as well), and anti-spyware (biggie
for me at the moment).

"Leythos" <void@nowhere.lan> wrote in message
news:MPG.1d21134594e147b9989931@news-server.columbus.rr.com...
> In article <1119306325.139265.159530@g47g2000cwa.googlegroups.com>,
> pm771.am@gmail.com says...
> > I'm just a beginner in computer security in general and firewalls in
> > particular (though I've spent quite a few years in IT in application
> > development).
> >
> > Netgear FVS318 is described as "True Firewall using Stateful Packet
> > Inspection (SPI) and Intrusion Detection features, Denial of Service
> > (DoS) attack protection, and VPN pass-through for extra security."
> >
> > Will it (on its own) provide an adequate protection for a small office
> > with a shared Internet access? Does it need to be complemented by
> > anything else on the hardware side?
> >
> > If user workstations run up-to-date anti-virus and anti-spyware
> > software, is any other client side monitoring required?
>
> The 318 is a NAT box with some firewall LIKE features. It does not
> protect the protected network from anything seeking to get out - such as
> if your local computer were to get an SMTP virus, one that spams the
> world using its own built-in SMTP engine, the 318 would not stop it
> from getting out and attacking the world.
>
> A firewall has independent rules for inbound and outbound, it does not
> just ALLOW all outbound by default, nor does it allow inbound by
> default.
>
> Many quality firewalls will know the difference between HTTP on port 80
> and some non-HTTP session on port 80. None of the cheap devices for home
> users can do that.
>
> Now, is it enough for a home user or small office, sure, you just need
> to know how to secure the OS on each system, understand the basics of
> true network and application security, and how to lock down the network
> and workstations against stupid/ignorant users running them.
>
> --
> --
> spam999free@rrohio.com
> remove 999 in order to email me
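
The inbound/outbound distinction made in the quoted reply above, as an added example that is not part of either post: a small Python model that runs the same traffic through an allow-all-outbound NAT policy and through a policy with its own outbound rule set. The LAN range, mail relay address, permitted ports and sample flows are constructed assumptions, and protocol (TCP/UDP) is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")        # assumed office LAN (constructed)
MAIL_SERVER = ip_address("192.168.1.10")  # hypothetical internal mail relay

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    reply: bool = False  # True when the packet answers a session the LAN opened

def direction(flow):
    return "outbound" if ip_address(flow.src) in LAN else "inbound"

def inbound_policy(flow):
    # Both devices do this much: only replies to LAN-initiated sessions get in.
    return "allow" if flow.reply else "drop"

def nat_box(flow):
    """NAT router behaviour described in the thread: all outbound is allowed."""
    return "allow" if direction(flow) == "outbound" else inbound_policy(flow)

# Separate outbound rule set, first match wins, unmatched traffic is dropped.
OUTBOUND_RULES = [
    (lambda f: f.dport == 25 and ip_address(f.src) == MAIL_SERVER, "allow"),
    (lambda f: f.dport == 25, "drop"),  # no direct SMTP from workstations
    (lambda f: f.dport in (53, 80, 443), "allow"),  # assumed permitted services
]

def firewall(flow):
    """Independent inbound and outbound rules, default deny in both directions."""
    if direction(flow) == "inbound":
        return inbound_policy(flow)
    return next((act for match, act in OUTBOUND_RULES if match(flow)), "drop")

SAMPLE = [  # constructed flows
    Flow("192.168.1.23", "203.0.113.5", 25),    # infected PC's own SMTP engine
    Flow("192.168.1.10", "203.0.113.5", 25),    # mail relay sending mail
    Flow("192.168.1.23", "198.51.100.7", 443),  # ordinary web browsing
    Flow("198.51.100.9", "192.168.1.23", 445),  # unsolicited inbound
    Flow("198.51.100.7", "192.168.1.23", 50000, reply=True),  # reply to browsing
]

def compare(flows):
    return [(direction(f), f.dport, nat_box(f), firewall(f)) for f in flows]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print("%-8s dport=%-5d nat_box=%-5s firewall=%s" % row)
```

Only the first sample flow differs between the two policies: the workstation's direct SMTP connection passes the NAT policy and is dropped by the outbound rule set, while the mail relay's SMTP and ordinary browsing are unaffected.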