Network perimeter security

Usernameis

Nov 22, 2013
Hi. I am always pleased with the advice and solutions received in this forum.
We have 50 PCs (Windows) and soon we will have our own fiber internet. So I am thinking about perimeter security, mostly security from outside (internet). There are some companies offering this service with an annual subscription and their product looks great, just the price is quite high. I need some advice from experts on how they secure midsize networks. Use FortiGate or a Linux firewall? I am sure Kaspersky at each end user and a firewall at the main router is not enough to feel safe.
Thank you.
 

vmN

Oct 27, 2013

Most enterprise routers come with a firewall interface; it's just a matter of setting it all up and whitelisting/blacklisting certain ports and IPs.
 
It depends on how your PCs are connecting to the internet. I will assume you have not purchased a real subnet and all the PCs have direct connections.

Just the NAT alone will prevent almost all types of outside attacks against the internal network. Just because it is stupid NAT and does not know which machine to send an incoming request to, it will just throw away most traffic.

You really only need incoming firewall protection if you use port mapping and/or DMZ. Those machines are then exposed.

Many routers have some minimal firewall features that prevent attacks against the router itself, since that is really the only thing truly exposed when you are running a NAT installation.

Obviously, if you are running servers in a DMZ or with real IP addresses, you need much more advanced protection and some real firewalls will help.

Really, the vast majority of my time is not spent preventing attacks from the outside; it is preventing the users on the inside from doing stuff they should not.
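
The NAT behaviour described in the reply above, as an added example that is not part of the original thread: a small model of a port-translating NAT showing why unsolicited inbound packets are dropped and why a port mapping exposes the mapped machine. The class and function names are hypothetical, all addresses are constructed sample values, and the model assumes the router only accepts replies from the exact remote endpoint a LAN host contacted (real routers vary in how strictly they filter).

```python
# Added illustration: a toy port-translating NAT (NAPT) router.
# Names are hypothetical; addresses are constructed samples (RFC 1918 / RFC 5737).
# Assumption: replies are accepted only from the exact remote endpoint contacted.

class NatRouter:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.sessions = {}   # public port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.forwards = {}   # public port -> (lan_ip, lan_port), static port mappings
        self.next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: allocate a public port and remember it."""
        pub_port = self.next_port
        self.next_port += 1
        self.sessions[pub_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return (self.public_ip, pub_port)

    def add_port_forward(self, pub_port, lan_ip, lan_port):
        """Static port mapping: this LAN host is now reachable from outside."""
        self.forwards[pub_port] = (lan_ip, lan_port)

    def inbound(self, remote_ip, remote_port, pub_port):
        """Return the LAN (ip, port) that receives the packet, or None if dropped."""
        session = self.sessions.get(pub_port)
        if session and session[2:] == (remote_ip, remote_port):
            return session[:2]              # reply to a connection started inside
        if pub_port in self.forwards:
            return self.forwards[pub_port]  # exposed: any outside host reaches it
        return None                         # no mapping, nowhere to send it: dropped


def demo():
    nat = NatRouter("203.0.113.10")
    _, pub_port = nat.outbound("192.168.1.20", 51000, "198.51.100.5", 443)
    results = {
        "reply": nat.inbound("198.51.100.5", 443, pub_port),
        "unsolicited": nat.inbound("198.51.100.99", 4444, 8443),
        "wrong_sender": nat.inbound("198.51.100.99", 4444, pub_port),
    }
    # Once a port mapping exists, the same unsolicited packet is delivered.
    nat.add_port_forward(8443, "192.168.1.30", 443)
    results["forwarded"] = nat.inbound("198.51.100.99", 4444, 8443)
    return results


if __name__ == "__main__":
    for name, target in demo().items():
        print(f"{name:13} -> {target}")
```

Only the `forwarded` case reaches a LAN machine without that machine having initiated anything, which is the traffic an inbound firewall rule set has to cover.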
 

Usernameis

Nov 22, 2013



Yes, all of our inside network (LAN) goes out through one external IP, so I totally agree with NAT.
Also, I am considering whether it would be worth putting one decent PC with a Linux firewall installed between the Internet and our router. Though, is it worth this hassle? Actually, it could cause a small speed decrease and a whole bunch of other issues. Plus, it would take me a while to learn Linux because I have never used it before.
I need practical advice so much.

 
This would be a transparent firewall, which gets a little tricky. Otherwise you would have to move the NAT to this device or get more real IP addresses.

I would ignore the platform for now and study well what types of attacks firewalls prevent. Then decide how likely these are to happen to you and what the results would actually be. Pretty much, when you run NAT the only attacks that can succeed are forms of denial of service, and a firewall can only prevent these up to a point.