Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: The Absolute need for firewall!!!!!!

The Absolute need for firewall!!!!!! 5 years 8 months ago #36657

Hi folks we are making modifications to our small business. I want to justify the use of deploying a Firewall. We are already using Mc Afee Security products as an antivirus solution in our systems. Now when, how can i justify the use of firewall . Now can there be a firewall that can do DPI( Deep packet inspection) instead , just being stateful. Now , if my concepts are not wrong, the Anti virus is checking for Layer 7 vulnerabilities. Will it not do Layer 3 checking. In the sense, cannot the antivirus or s/w based windows firewall be used as a security solution? Why do they need the firewall. I know they talk about having two bars rather than one bar to the house....analogy. But , if you have a bar, that is letting most of the malicious code through. And it is really that other bar inside that is doing the job. What is the real need for the external bar( Firewall) . And please could some one tell me about IDS/IPS in relationship to security.......

Thanks
Bharat
Bharat Chandra Penumutchu
CCENT
MS IN TELECOMMUNICATIONS
George Mason University
The administrator has disabled public write access.

Re: The Absolute need for firewall!!!!!! 5 years 8 months ago #36663

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
The first line of defense is usually the firewall. If configured correctly, it can prevent about 80% to 90% of outside attacks. Which, 1st stops these offending packets before they even get into your network, 2nd they would free your internal antivirus solution/IPS/software firewall from having to deal with this unwanted traffic, and only keep them busy trying to catch "deeper attacks".
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

How do i know why would i need????? 5 years 8 months ago #36672

Dear Solo,
I want to know how would i know, if i would need a firewall. I currently have a Linksys firewall. I would like to know how to improve it? I should justify the use of ASA 5505 / Sonic Wall. for my organization. How do i do that????? How do i justify their cost.....????? I mean security is not quantifiable right . We already are running Mc Afee IDS/IPS, do you think i would need a firewall, if so why?????


Thanks
Bharat
Bharat Chandra Penumutchu
CCENT
MS IN TELECOMMUNICATIONS
George Mason University
The administrator has disabled public write access.

Re: The Absolute need for firewall!!!!!! 5 years 8 months ago #36675

  • rizin
  • rizin's Avatar
  • Offline
  • Distinguished Member
  • Posts: 203
  • Karma: 0
Hey Bharat,

It totally depends on your organization infrastructure and data confidential environment.

Some companies are satisfied with McAfee and others not and it wholly depends on the individual preferences and satisfaction.

ASA 5505 is the latest and Sonic Wall and Pix are previous Cisco products.

If you ask my favourites, i would say Watchguard Firewall, although each vendors has their own perspective and protocols. The reason Why i choose Watch guard is cost effective than cisco products & combined with IPS/IDS, Anti-spam, content filtering, if need more you have to purchase license and just update, however it works on XTM5 series only.

Again some organization actually do not need Firewall indeed. Their servers can be managed by Kaspersky Internet security itself and access lists of Router (if you are connecting different networks or Point to Point).

As i previously mentioned it depends on the individuals and their work experience, if you ask my suggestion i would recommend Watchguard Firewall.
Known is a drop, unknown is an Ocean
The administrator has disabled public write access.

Re: The Absolute need for firewall!!!!!! 5 years 7 months ago #36690

  • jester
  • jester's Avatar
  • Offline
  • Frequent Member
  • Posts: 77
  • Thank you received: 1
  • Karma: 0
Hi,
we have different types of firewalls, its the organizational choice. we can go for hardware firewall or software firewall or we can even use a linux box as a firewall.
Its up to your companies choice.
The administrator has disabled public write access.

Re: How do i know why would i need????? 5 years 7 months ago #36697

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
Rizin has some good suggestion there. And Watchguard can be grabbed from ebay dirt cheap. Although I haven't personally tried it.
I want to know how would i know, if i would need a firewall. I currently have a Linksys firewall. I would like to know how to improve it? I should justify the use of ASA 5505 / Sonic Wall. for my organization. How do i do that????? How do i justify their cost.....????? I mean security is not quantifiable right . We already are running Mc Afee IDS/IPS, do you think i would need a firewall, if so why?????

1. Have you encountered many attacks in the recent 6 months?

2. Do you need VPN, in other words, do your users need to work from home, will your organization be more productive if employees were able to work from home?

3. Do you need some port forwarding that your Linksys can't handle. In other words, do you need to setup servers that are publicly viewable from the internet, but your Linksys can't do it, or can't do it well.

4. Is the network slow at peak times and fast at normal times? Is yours Linksys CPU running high very often? What happens when you connect your network without the Linksys firewall. Does it get faster? if the answer to these 3 question are yes, then the Linksys is probably slowing down your network traffic from/to the internet (latency).

5. Do you need advanced traffic filtering?. For examlpe, blocking certain websites.

Answering YES to all those questions probably means that you really need to consider getting a better firewall. You might argue with your company by running a trial software or (if hardware) you could convince the seller to let you try it for a month or so before hand, so that your managers would see the difference. We do that allot here in my organization.

All this is assuming your going for a high end Cisco. But in many cases, you don't have to, you could settle well with a cheap Linux box with Untangle on it (www.untangle.com/). Or try Vyata software. Or go for a Watchguard.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.083 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup