Privacy guaranteed - Your email is not shared with anyone.

Very secure router/hardware firewall needed

Discussion in 'Tech Talk' started by Ragin Cajun, May 28, 2007.

  1. http://www.glocktalk.comWas talking with a friend who in in IT security. He mentioned that the typical router isn't that great a firewall. He recommended I use a Cisco router. But, Cisco routers are quite expen$ive!

    I run a small consulting engineering business and use the internet a lot, but am very careful of where I surf. My computer files are my lifeblood. I do back-up often, have Raid 1, etc.

    Any comments, recommendations, etc. on this issue?

    I do use Zone Alarm, AGV, Spybot, and Ad-aware.

  2. IndyGunFreak


    Jan 26, 2001
    I'm assuming we're talking a Wired router, and not wireless...

    You'll likely be well served by any router/firewall w/SPI(stateful packet inspection). Linksys, Netgear, DLink and others I'm sure all have very good options. I personally really like Netgear, but I have a Linksys now, and it works fine. On almost any router, you can tweak the firewall, to filter out sites, etc.... Really to me, even as just an average home user, if you have an always on connection, you need to be behind a hardware firewall/router. Once you have a good router set up, you really don't need ZoneAlarm anymore, at least I never did...


  3. NetNinja

    NetNinja Always Faithful

    Oct 23, 2001
    HotLanta, GA
    A small consulting engineering business

    Ok so what type of files that you are using or creating?

    Who are your competitors?

    Yes Cisco routers and Firewalls are expensive but you get what you pay for.

    Securing your company from the baddies should not be considered a commodity but rather an expense that you must budget yearly for.
    Support and upgrades.

    A small 1702 Cisco Router and a Cisco 506e firewall will do the trick.

    Yes there are other ways to do this on the cheap but do you have the expertise to support it?
  4. thonl

    thonl Millennium Member

    Feb 7, 1999
    Great White North
    Depends on how hands on you want to be, also.

    If you dont mind dedicating a spare PC to the cause, m0n0wall is a pretty straightforward solution, with an intuitive interface.
  5. sencless


    Sep 11, 2006
    Miami, FL
  6. KG4IDA


    Jul 4, 2002
    East Tennessee
    I have a Netgear FVS318 and love it. I believe it's been replaced with a newer model.
  7. Competitors are not an issue.

    As to support, I'm it! One man outfit. Whatever I get I have to deal with myself.

    I run ACAD 2008 as my main software on XP Pro and a very fast Del Dimension 9200, 4 GIG ram, Raid 1, etc.

    I have DSL from Bellsouth via their modem and a US Robotics 8004 router.

    The $$ will hurt!


  8. neeko


    Dec 22, 2002
    Flash a linksys or belkin with dd-wrt vpn edition. It runs ipchains as well as openvpn so you can connect to it securely from anywhere in the world.
  9. MikeG22

    MikeG22 CLM

    Jun 24, 2002
    San Diego
  10. FastZ


    Jun 11, 2007
    Definitely go with a Cisco PIX firewall! Or you can do like thonl suggested and build your own firewall. In addition to his recommendation of m0n0wall, look into Smoothwall as well. I believe both are free.
  11. Eric

    Eric Big Giant Head Staff Member Admin Moderator

    Jan 1, 1970
    I just built a WRAP (Wireless Router Appliance Platform) device, running M0n0wall. I am using a WRAP.1E-1 board, from PC Engines. This board is End-of-Life, due to the fact that AMD is no longer producing the processor on that board, but it is an outstanding piece of technology. I found a new-in-box board on eBay for less than $150 delivered. The company I bought mine from had 140 of them left last week. They are EOL, but they are still available. The board has a CF card slot for the OS and two Mini-PCI slots. I have an Atheros wireless card in one slot and a VPN Accelerator in the other.

    With the board, enclosure, power supply, Mini-PCI cards and CF card, I am in this system less than $250. The device is about 6"X6"X1". It uses so little power that it is capable of deriving its power from a LAN connection, in some cases. The device has two NIC ports, a serial port and the enclosure was already punched out for the antenna mounts. This is a slick little piece of tech. Also, having the wireless access point built into the firewall gives me much better security. The wireless interface can be configured and secured like any other interface on the box. In addition to MAC address exclusion and WEP, I have the wireless port set so that someone has to connect to the wireless and then VPN to the firewall in order to have access to anything. This adds an extra level of security to the connection.

    M0n0wall gives me a really powerful firewall and some great routing functionality. I now also have a secure VPN portal on my home network, so I don't have to keep worrying about synchronizing work files when I'm on the road.

    M0n0wall can just as easily be set up on a surplus computer, using a CF card, running strictly out of memory or installed on a hard drive. I bought the WRAP primarily because I am a gadget junkie, but it is smaller, uses less power and will be more dependable. It works fine on a PC though. That is how I was running M0n0wall before I bought the WRAP device.

    If there is any interest, I can post more info on where I bought everything. Eric