DSL Router vs XP Firewall
-
Does anyone have suggestions about the Firewall provided by the Netgear DSL Router I am using? I'm a bit confused about which Firewall is better the DSL Router or Win XP's. Currently I have the XP Firewall disabled, relying on my DSL Router one instead. It seems like this would be the best way to go from a performance perspective. But I am not sure about how secure it is. Is there anything I need to do to ensure it's effectiveness? It's good to be alive, Josef Wainz Programmer Analyst
So in summary, use both the hardware firewall and a product like Zone Alarm. Thanks!
-
As I am looking at some of the Sonicwall products I see a wireless firewall/router. Are these firewall/routers also very good? Do you have other recommendations when setting up wireless besides, encryption, only allowing specific mac addresses to connect?
There are 10 kinds of people in this world. Those who understand binary and those who don't. We shouldn't assume something's debugged just because everyone in the whole world has access to the source code.
I use their products in a number of applications for clients. Wireless being one of them. I think they have outstanding products over-all that rank really well. If security is your concern they are an excellent choice. If I'm not using a SonicWALL product with built in wireless defenses then I prefer a product that supports: WPA-PSK MAC Filtering Restricted user/password access to WLAN using VPN or some other authentication method. WEP is crackable and should be avoided. -------------- The really nice thing about SonicWALL is that the WLAN is on it's own subnet. Meaning that it's not on the same IP address as your LAN. So if you set your lan at 192.168.0.X then your WLAN must be on 192.168.1.X or some other subnet like 10.200.6.X. This is a nice security feature and completely denies LAN access from the WLAN. You must create rules on the firewall that grant the WLAN access to the LAN. If I wanted to go cheap I would employ two linksys routers. One wireless and one not. Then I would set up the Wireless behind the wired (which means connect the wired directly to your ISP) then I would plug the Wireless in to LAN port 1 of the wired. I would then set up rules on the Wireless to restrict access to the LAN basically I'd block all IP addresses, block all MAC addresses by default and manually configure it from there. If you really want to lock it down hard you also configure your subnet masks on each device and optionally bring in a 3rd router for the LAN. 3 routers would be an *almost* as good SonicWALL TZ setup for about 1/4 the price but this means you really need to know your stuff to make it all work too. I don't recommend a 3 router config though I have done such things for clients wanting multiple redundant security or that wanted to have their kids with one type of internet access (highly restricted) while mom and dad had unrestricted access. The sky is the limit. The SonicWALL's are an outstanding product and I couldn't recommend them more. If you get one get they 8x5 or the 24x7 support and then you'll have access to SonicWALL certified tech's that can help you configure your device just how you want it. - Rex
I know you can't become if you only say what you would have done and you'll miss a million miles of fun." - Len Work hard, play hard. Don't forget who you are and don't forget where you're from. Do all these things well and you won't have to wonder where you are going.
-
I use their products in a number of applications for clients. Wireless being one of them. I think they have outstanding products over-all that rank really well. If security is your concern they are an excellent choice. If I'm not using a SonicWALL product with built in wireless defenses then I prefer a product that supports: WPA-PSK MAC Filtering Restricted user/password access to WLAN using VPN or some other authentication method. WEP is crackable and should be avoided. -------------- The really nice thing about SonicWALL is that the WLAN is on it's own subnet. Meaning that it's not on the same IP address as your LAN. So if you set your lan at 192.168.0.X then your WLAN must be on 192.168.1.X or some other subnet like 10.200.6.X. This is a nice security feature and completely denies LAN access from the WLAN. You must create rules on the firewall that grant the WLAN access to the LAN. If I wanted to go cheap I would employ two linksys routers. One wireless and one not. Then I would set up the Wireless behind the wired (which means connect the wired directly to your ISP) then I would plug the Wireless in to LAN port 1 of the wired. I would then set up rules on the Wireless to restrict access to the LAN basically I'd block all IP addresses, block all MAC addresses by default and manually configure it from there. If you really want to lock it down hard you also configure your subnet masks on each device and optionally bring in a 3rd router for the LAN. 3 routers would be an *almost* as good SonicWALL TZ setup for about 1/4 the price but this means you really need to know your stuff to make it all work too. I don't recommend a 3 router config though I have done such things for clients wanting multiple redundant security or that wanted to have their kids with one type of internet access (highly restricted) while mom and dad had unrestricted access. The sky is the limit. The SonicWALL's are an outstanding product and I couldn't recommend them more. If you get one get they 8x5 or the 24x7 support and then you'll have access to SonicWALL certified tech's that can help you configure your device just how you want it. - Rex
I know you can't become if you only say what you would have done and you'll miss a million miles of fun." - Len Work hard, play hard. Don't forget who you are and don't forget where you're from. Do all these things well and you won't have to wonder where you are going.
Something like this would be for personal use so the support may push it over the price I want to spend. I felt the price for the wireless router/firewall was within reason for my home use. Are they hard to configure? I have configured diffent types of firewalls before. I have configured a checkpoint firewall for rules. Does it have a gui interface or is something that I would need some kind of support to set up? Do you have a wireless set up at home and are using a sonicWall product? If not do you mind me asking what your set up is? THANKS!! :-D
There are 10 kinds of people in this world. Those who understand binary and those who don't. We shouldn't assume something's debugged just because everyone in the whole world has access to the source code.
-
Something like this would be for personal use so the support may push it over the price I want to spend. I felt the price for the wireless router/firewall was within reason for my home use. Are they hard to configure? I have configured diffent types of firewalls before. I have configured a checkpoint firewall for rules. Does it have a gui interface or is something that I would need some kind of support to set up? Do you have a wireless set up at home and are using a sonicWall product? If not do you mind me asking what your set up is? THANKS!! :-D
There are 10 kinds of people in this world. Those who understand binary and those who don't. We shouldn't assume something's debugged just because everyone in the whole world has access to the source code.
Edits are in bold. BrockVnm wrote: Something like this would be for personal use so the support may push it over the price I want to spend. They are not hard to set up and I'd be happy to help you. If you are not doing anything complex it should work out of the box. It has a nice Wizard Based interface you can get to and it's pretty easy from there. I use SonicWALL everywhere. I have one connection on a Watchguard Firebox and that's because the crummy firebox won't work on anything else. I upgraded a client from it to SonicWALL and bought the firebox from him. I'm running TZ-170 SP and TZ-170 Wireless everywhere. I own/operate/admin about a dozen of these devices for clients. I've been with SonicWALL since the SOHO2 a now discontinued product. They beat Cisco PIX firewalls for performance, features, security and price. It's an excellent product. So I am on a dual WAN. I use the TZ-170 Wireless with SonicOS Enhanced. I love it but I'm a firewall rule freak. Nothing comes in or goes out without being manually routed by my rules. I then fork it into the Firebox that also DUAL WAN's on a satellite internet connection. The SonicWALL has authority on the entire network. It sends me email alerts of potential security threats and daily reports of firewall traffic and activity. I do a lot of different development and I need different subnets to test some of the code I write that's why I have so much security. For anybody wanting Wireless and a single point security device I recommend the TZ-170 Wireless (SonicOS Enhanced is optional not required) for anybody wanting good WAN security no Wireless I recommend the stock TZ-170. If you are running servers and allowing other inbound requests I recommend getting the Security Bundle but that's because I'm the guy that gets fried like an egg if something goes wrong. In 99.9999% of cases a stock TZ-170 is going to be a steel curtain. If you combine the TZ-170 with desktop security from ZoneLabs you have ZERO concerns in this life except your own stupidity. Which can/will still kill you if you are not careful. That goes with any security product though not just SonicWALL and I say the odds go up with lesser products. - Rex
I know you can't become if you only say what you would have done and you'll miss a million miles of fun." - Len Work hard, play hard. Don't forget who you are and don't forget where you're from. Do all these things well and you
-
Edits are in bold. BrockVnm wrote: Something like this would be for personal use so the support may push it over the price I want to spend. They are not hard to set up and I'd be happy to help you. If you are not doing anything complex it should work out of the box. It has a nice Wizard Based interface you can get to and it's pretty easy from there. I use SonicWALL everywhere. I have one connection on a Watchguard Firebox and that's because the crummy firebox won't work on anything else. I upgraded a client from it to SonicWALL and bought the firebox from him. I'm running TZ-170 SP and TZ-170 Wireless everywhere. I own/operate/admin about a dozen of these devices for clients. I've been with SonicWALL since the SOHO2 a now discontinued product. They beat Cisco PIX firewalls for performance, features, security and price. It's an excellent product. So I am on a dual WAN. I use the TZ-170 Wireless with SonicOS Enhanced. I love it but I'm a firewall rule freak. Nothing comes in or goes out without being manually routed by my rules. I then fork it into the Firebox that also DUAL WAN's on a satellite internet connection. The SonicWALL has authority on the entire network. It sends me email alerts of potential security threats and daily reports of firewall traffic and activity. I do a lot of different development and I need different subnets to test some of the code I write that's why I have so much security. For anybody wanting Wireless and a single point security device I recommend the TZ-170 Wireless (SonicOS Enhanced is optional not required) for anybody wanting good WAN security no Wireless I recommend the stock TZ-170. If you are running servers and allowing other inbound requests I recommend getting the Security Bundle but that's because I'm the guy that gets fried like an egg if something goes wrong. In 99.9999% of cases a stock TZ-170 is going to be a steel curtain. If you combine the TZ-170 with desktop security from ZoneLabs you have ZERO concerns in this life except your own stupidity. Which can/will still kill you if you are not careful. That goes with any security product though not just SonicWALL and I say the odds go up with lesser products. - Rex
I know you can't become if you only say what you would have done and you'll miss a million miles of fun." - Len Work hard, play hard. Don't forget who you are and don't forget where you're from. Do all these things well and you
Great!!! I am diffently going to try and pick up this firewall. I have been looking for a decent firewall to use at home. I had a PIX 501 which is great but I find it a pain. My old job upgraded to Checkpoint so they sold me the old PIX really cheap. I also want wireless but am paranoid about having my connection high jacked. I am also working on some development at home so this will be nice to have. If I have questions I will email you for sure once I end up buying it. Thanks for all of your help, it has been extremely helpful!
There are 10 kinds of people in this world. Those who understand binary and those who don't. We shouldn't assume something's debugged just because everyone in the whole world has access to the source code.
-
Great!!! I am diffently going to try and pick up this firewall. I have been looking for a decent firewall to use at home. I had a PIX 501 which is great but I find it a pain. My old job upgraded to Checkpoint so they sold me the old PIX really cheap. I also want wireless but am paranoid about having my connection high jacked. I am also working on some development at home so this will be nice to have. If I have questions I will email you for sure once I end up buying it. Thanks for all of your help, it has been extremely helpful!
There are 10 kinds of people in this world. Those who understand binary and those who don't. We shouldn't assume something's debugged just because everyone in the whole world has access to the source code.
Send an email to info@sonicguard.com in the subject do something like: Hillel/Ryan/Howard, Another developer I work with recommended that I get a SonicWALL product for wireless security and WAN protection. I'm going to be ordering this {product} from you today. Rex Winn is who recommended you and he also recommended I email asking for his partner discount on the product. I realize he is a partner and I am not but since he will be assisting me with the product he thought you might honor his discount. If you choose not to that is okay. He was not sure if you would or not. Best Regards, {} ---------------------- If they give you my price it might save you about $100 on the deal. I don't mind at all that you ask. If you don't ask they cannot say no. I truly will be assisting you if you need it so that's all true and up front. Good luck with the order and the product. I don't think you will be disappointed. make sure you order from http://www.sonicguard.com - Rex
I know you can't become if you only say what you would have done and you'll miss a million miles of fun." - Len Work hard, play hard. Don't forget who you are and don't forget where you're from. Do all these things well and you won't have to wonder where you are going.
-
Send an email to info@sonicguard.com in the subject do something like: Hillel/Ryan/Howard, Another developer I work with recommended that I get a SonicWALL product for wireless security and WAN protection. I'm going to be ordering this {product} from you today. Rex Winn is who recommended you and he also recommended I email asking for his partner discount on the product. I realize he is a partner and I am not but since he will be assisting me with the product he thought you might honor his discount. If you choose not to that is okay. He was not sure if you would or not. Best Regards, {} ---------------------- If they give you my price it might save you about $100 on the deal. I don't mind at all that you ask. If you don't ask they cannot say no. I truly will be assisting you if you need it so that's all true and up front. Good luck with the order and the product. I don't think you will be disappointed. make sure you order from http://www.sonicguard.com - Rex
I know you can't become if you only say what you would have done and you'll miss a million miles of fun." - Len Work hard, play hard. Don't forget who you are and don't forget where you're from. Do all these things well and you won't have to wonder where you are going.
Wow, thanks alot! I apprciate it. I will let you know once I order it. Thanks!! :-D
There are 10 kinds of people in this world. Those who understand binary and those who don't. We shouldn't assume something's debugged just because everyone in the whole world has access to the source code.
-
Does anyone have suggestions about the Firewall provided by the Netgear DSL Router I am using? I'm a bit confused about which Firewall is better the DSL Router or Win XP's. Currently I have the XP Firewall disabled, relying on my DSL Router one instead. It seems like this would be the best way to go from a performance perspective. But I am not sure about how secure it is. Is there anything I need to do to ensure it's effectiveness? It's good to be alive, Josef Wainz Programmer Analyst
If it's not part of XP, it's better. That would make your dsl router better. ------- sig starts "I've heard some drivers saying, 'We're going too fast here...'. If you're not here to race, go the hell home - don't come here and grumble about going too fast. Why don't you tie a kerosene rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001
-
I want to second CF's ZASS recommendations ... I upgraded to the pro version 3 years ago and it keeps on getting better and better; they recently added Spyware checking to the system that has nailed down some programs even on my wife's brand new laptop! HP and BestBuy - shame on you guys for loading spyware on new computers!! X| Zone Labs has developed an excellent product that they actively maintain, update and improve upon (what more can you ask for). As for the software/hardware question - I too run both a hardware and software firewall. Hardware through my wireless router and software on all my machines. Better to be safe than sorry ... :-D
:..::. Douglas H. Troy ::..
Fold with us|Development Blogging|viksoe.dk's site -
Nope. It was a redir that was put in that redirs all URL requests through a tracking site's proxies ... I do not recall the name (since I am not by/near the machine, I cannot tell you exactly what it was/is called). I'll check, if I can remember, when I get home tonight to see what it was and post a new thread discussing it ...
:..::. Douglas H. Troy ::..
Fold with us|Development Blogging|viksoe.dk's site
