Re: Is Netgear FVS318 a "true" firewall?
From: Mark (nothere_at_notthere.com)
Date: 20 Jun 2005 18:48:03 -0500
I'd also pick holes in this statement: "Intrusion Detection features".
Netgear (and Cisco) misuse the terminology.
If AV and Spyware is a concern I would point you too a more sophisticated
solution, such as a Netscreen, Sonicwall, or Fortinet appliance (my fav is
Sonicwall at the moment). Using the Sonicwall as an example it has true
Intrusion Prevention, Gateway AV which adds a nice second layer of AV (but
you should always keep desktop/server AV as well), and anti-syware (biggie
for me at the moment).
"Leythos" <email@example.com> wrote in message
> In article <firstname.lastname@example.org>,
> email@example.com says...
> > I'm just a beginner in computer security in general and firewalls in
> > particular (though I've spent quite a few years in IT in application
> > development).
> > Netgear FVS318 is described as "True Firewall using Stateful Packet
> > Inspection (SPI) and Intrusion Detection features, Denial of Service
> > (DoS) attack protection, and VPN pass-through for extra security."
> > Will it (on its own) provide an adequate protection for a small office
> > with a shared Internet access? Does it need to be complimented by
> > anything else on the hardware side?
> > If user workstations run up-to-date anti-virus and anti-spyware
> > software, is any other client side monitoring required?
> The 318 is a NAT box with some firewall LIKE features. I does not
> protect the protected network from anything seeking to get out - such as
> if your local computer were to get an SMTP virus, one that spams the
> world using it's own built-in SMTP engine, the 318 would not stop it
> from getting out and attacking the world.
> A firewall has independent rules for inbound and outbound, it does not
> just ALLOW all outbound by default, nor does it allow inbound by
> Many quality firewalls will know the difference between HTTP on port 80
> and some non-HTTP session on port 80. None of the cheap devices for home
> users can do that.
> Now, is it enough for a home user or small office, sure, you just need
> to know how to secure the OS on each system, understand that basics of
> true network and application security, and how to lock down the network
> and workstations against stupid/ignorant users running them.
> remove 999 in order to email me