AVS Forum banner

1 - 11 of 11 Posts

·
Registered
Joined
·
1,514 Posts
Discussion Starter #1
Hi,


I use a PC as my Internet router. The PC is connected on one end to the cable modem. I would be interested in some additional security between the cable modem and the router PC.

I assume there a no cable modems with integrated firewalls?


I found D-Link DSD-150 device:
http://www.dlink.com/products/?pid=486

However, it looks like it will be discontinued. Does anyone here use it?

Are there similar devices?
 

·
Registered
Joined
·
768 Posts
Is the PC you're using for routing your internet traffic only being used for that purpose? What software are you using because I know there are some X86 based software firewalls / router packaged out there that might work for you.
 

·
Registered
Joined
·
2,594 Posts
Why not use one of the many good hardware router/firewalls available? Then you can ditch the PC router or use two routers.
 

·
Registered
Joined
·
1,514 Posts
Discussion Starter #5
That ZoneAlarm box is pretty cool. Also from a price standpoint.

I looked at the sonicawall's - once every option is added, rarther expensive
 

·
Registered
Joined
·
1,106 Posts
CPU magazine has a comparo this month on these things and they concluded that they all basically suck.


Check it out.
 

·
Premium Member
Joined
·
5,818 Posts
Its much better to use a hardware firewall and disable any software based ones (ie Windows Firefall).. that' just wastes resources on your PC's, most probably not as secure, and usually have annoying as hell port trigger alarms. Any cheapo linksys, dlink, netgear, etc router/switch would be good. If you need more security options in the firefall than the generic ones on these routers, you can load free DD-WRT firmware on a compatible router. Businesses pretty much always use hardware based firewalls to protect their private networks over software based ones; just at a larger scale.
 

·
Registered
Joined
·
1,514 Posts
Discussion Starter #8
I just realized that the start of my thread didn't specify all aspects of my setup.


I'm using a PC as the "server" of my system. It has two NIC's, ISA Server 2006 (for Internet sharing) on it. It also has some SAN, printer server, and backup features.

With the ISA you get a firewall. Don't know how good or bad. What I like about this setup is that I can get a virus scanner plugin for ISA that does checking on the stream.


However, it feels a little bit naked. I would like an addtiaonl firewall in between the server box and the cable modem. A cable modem with firewall would be great. But I couldn't find one (that is actually sold).


So, I agree a hardware firewall is what I need. I don't need the typical other features found in routers. I'm looking for a wireda solution.


What device would you recommend? How much should I pay?
 

·
Registered
Joined
·
1,611 Posts
I love people with these type of setups and ask for help on an A/V site



Now...to answer your question. Any hardware-based router will give you some added protection. However, ISA goes above and beyond with the ability to allow/deny both inbound & outbound traffic. A rule can be based on IP address, packet type, port, etc. So the addition of any SPI firewall will be fine.
 

·
Registered
Joined
·
158 Posts
Well, you could go all out and add something like a Cisco 5505 for around $500, plus a couple hundred for a software license, but you'd better know what you're doing in configuring it or you're wasting your money. Actually, it's almost certainly gross overkill anyhow for a home. I would think that you do fine using something like a Netgear ProSafe 4 port firewall switch (FVS114) and still use your pc as a router (altough I've never used one in that configuration). Maybe somebody who has used one of those can chime in and confirm. Assuming that would work, you'd get SPI and other hardware-specific firewall benefits, and it should cost under $100.
 

·
Registered
Joined
·
662 Posts
Cheap "hardware" firewalls/routers aren't special. They run software too, and this is often Linux/iptables with a web interface (or even worse, a off-the-shelf embedded OS with few advanced features). These devices usually have low-power CPUs along with a small amount of memory. The Netgear FVS114 appears to have a 200 MHz CPU with 2 MB of flash and 16 MB of RAM. I don't think you'd see a whole lot of added functionality over a full-blown ISA Server installation.


Some devices have features that differentiate them from most free products, but these are the same kinds of things that ISA Server will do. These options sometimes require a subscription or additional license.


SPI isn't specific to "hardware" firewalls. iptables, ipfw, pf, and ipfilter (the major open source firewalls) all have this feature. I believe ISA Server also has SPI support, if not Windows itself.


What do you need the firewall to do? What exactly are the risks in your current setup?


Unless you are sharing the same internet connection between two separate networks, it sounds like you'd just be adding another point of failure and additional complexity. You'd be better off spending your money on something else... perhaps 64-bit hardware so you can run the next version of ISA Server when it comes out?


I personally use a RouterBoard 532A with RouterOS as a router/firewall (400MHz CPU, 64 MB RAM, 128 MB flash.) It's Linux based, but it has a very nice UI that hides the Linux part very well. I use this system because it is low-power, fanless, and reliable; if electricity were free and my time was unlimited, I'd use ISA Server or Linux running on standard PC hardware.
 
1 - 11 of 11 Posts
Top