DSL & firewalls

Yahoo Archive
1
Dan,

As was mentioned in an earlier reply, you need to weigh cost with your
comfort level. We are using this same solution from Qwest and decided on
the simple and inexpensive route. The 678 is a capable router - it does
NAT, PAT, DHCP, etc - however, it does not come with the Cisco IOS and the
ability to add the firewall component. For this reason, we decided to use
Proxy Server that comes with SBS 4.5 for our firewall. I realize that Proxy
is much less powerful than other solutions, but it's easy to set up and you
already own it. After we applied service pack 1, it has been very effective
for us.

On the other hand, if you don't trust Proxy Server, the 678 does some
limited IP filtering. I think you can apply up to 10 filters. You could
set up the 678 to do DHCP and NAT and then apply filters as needed. But
then, you'd miss the fun GUI wizards that come with Proxy... <grin>

Hope this helps,

Dave Bell

-----Original Message-----
From: Dan Shallbetter [mailto:dans@...]
Sent: Monday, August 06, 2001 10:28 AM
To: vantage@yahoogroups.com
Subject: [Vantage] DSL & firewalls



We are installing a DSL line in a week. Qwest is supplying a Cisco 678
router and tells me no firewall is necessary. My ISP tells me that a
firewall is absolutely essential. Will the router provide sufficient
protection? We are running SBS 4.5, what is the best way to restrict access
with the new connection? Using Proxy or a software firewall?

Thanks
Dan Shallbetter
States Electric Mfg.





Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
<http://groups.yahoo.com/group/vantage/files/.>
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
<http://groups.yahoo.com/group/vantage/messages>
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
<http://groups.yahoo.com/group/vantage/links>

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> .




[Non-text portions of this message have been removed]
2
We are installing a DSL line in a week. Qwest is supplying a Cisco 678
router and tells me no firewall is necessary. My ISP tells me that a
firewall is absolutely essential. Will the router provide sufficient
protection? We are running SBS 4.5, what is the best way to restrict access
with the new connection? Using Proxy or a software firewall?

Thanks
Dan Shallbetter
States Electric Mfg.
3
Personally I would not go without some sort of firewall, either software of
hardware. Does the router handle NAT so that your LAN can be setup with
non-routable IP addresses? If not at least this amount of proteciton you
need a firewall. We splurged on a SonicWall-Pro but there are good software
solutions you can run on an old PC or other hardware solutions that are
cheaper. I set IP addresses on each PC (in the 192.168.168 non-routable
range) and can, if I want, restrict access by configuring a table in the
firewall. Right now I simply don't set the Gateway TCP/IP network setting
so those who don't have access can't "see" the firewall. I got rid of Proxy
Server when I installed the firewall.
-Todd C.
Harevey Vogel Mfg. Co.

-----Original Message-----
From: Dan Shallbetter [mailto:dans@...]
Sent: Monday, August 06, 2001 10:28 AM
To: vantage@yahoogroups.com
Subject: [Vantage] DSL & firewalls


We are installing a DSL line in a week. Qwest is supplying a Cisco 678
router and tells me no firewall is necessary. My ISP tells me that a
firewall is absolutely essential. Will the router provide sufficient
protection? We are running SBS 4.5, what is the best way to restrict access
with the new connection? Using Proxy or a software firewall?

Thanks
Dan Shallbetter
States Electric Mfg.





Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
<http://groups.yahoo.com/group/vantage/files/.>
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
<http://groups.yahoo.com/group/vantage/messages>
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
<http://groups.yahoo.com/group/vantage/links>

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> .




[Non-text portions of this message have been removed]
4
If you want to host a website you WILL NEED a firewall.

If not ... Life isn't quite so black and white.

If the CISCO 678 supports NAT ( Network Address Translation ) that should
ABSOLUTELY be turned on. This translates your internal TCP/IP addresses to
one external address and in the process "Hides" your internal network. The
CISCO router should also be programmed to close any IP ports that you do not
need.

One other option to explore is to program the CISCO router so that only
certain ranges of internal IP addresses can be used for Internet browsing.
Such as xxx.xxx.xxx.224 through xxx.xxx.xxx.254 can browse but lower numbers
can NOT. You would then manually assign IP addresses to your internal
clients instead of using DHCP. Or, use DHCP for xxx.xxx.xxx.050 to .149 and
set most of your clients to use DHCP and only manually assign addresses to
users that require Internet access using the higher numbers. The CISCO
router can also be programmed, in addition, to specify individual addresses
that can have access - such as servers.

If you are going to rely on the CISCO router to provide you with some
security then make sure you get a printout of the final config and desk
check it carefully. Also test to make sure it is working properly.

Having said all that ... I would sleep better at night knowing that I had a
CISCO PIX firewall ...

Like most security issues the real issue is what is peace of mind worth to
you ?

Good luck pilgrim ...

Todd Anderson

-----Original Message-----
From: Dan Shallbetter [mailto:dans@...]
Sent: Monday, August 06, 2001 10:28 AM
To: vantage@yahoogroups.com
Subject: [Vantage] DSL & firewalls


We are installing a DSL line in a week. Qwest is supplying a Cisco 678
router and tells me no firewall is necessary. My ISP tells me that a
firewall is absolutely essential. Will the router provide sufficient
protection? We are running SBS 4.5, what is the best way to restrict access
with the new connection? Using Proxy or a software firewall?

Thanks
Dan Shallbetter
States Electric Mfg.





Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
<http://groups.yahoo.com/group/vantage/files/.>
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
<http://groups.yahoo.com/group/vantage/messages>
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
<http://groups.yahoo.com/group/vantage/links>

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> .




[Non-text portions of this message have been removed]
5
While I'm sure that Proxy will work (only to a somewhat limited extent-only
as far as sharing the ISP access), I can't really say that it'll do
anything for firewall protection. Software firewalls (like NetIce,
WinGate, and others) will make it difficult for hackers, but they still
only go part of the distance. If your ISP has assigned a static address,
then they'll insist AT LEAST on a software firewall. We use a hardware
firewall called SonicWall on the cable modem, then insert Wingate between
our LAN and the SonicWall. Hardware firewalls, while not entirely
impenetrable, will provide reliable access to the cable modem, as well as
INCOMING VPN (virtual private networking) agents from the www.

Dan Maddox
Computer Operator
Pactiv Corp
v 207-756-6448
dmaddox@...

At 10:28 AM 8/6/2001 -0500, you wrote:
>We are installing a DSL line in a week. Qwest is supplying a Cisco 678
>router and tells me no firewall is necessary. My ISP tells me that a
>firewall is absolutely essential. Will the router provide sufficient
>protection? We are running SBS 4.5, what is the best way to restrict access
>with the new connection? Using Proxy or a software firewall?
>
>Thanks
>Dan Shallbetter
>States Electric Mfg.
>
>
>
>
>
>
>Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must
>have already linked your email address to a yahoo id to enable access. )
>(1) To access the Files Section of our Yahoo!Group for Report Builder and
>Crystal Reports and other 'goodies', please goto:
>http://groups.yahoo.com/group/vantage/files/.
>(2) To search through old msg's goto:
>http://groups.yahoo.com/group/vantage/messages
>(3) To view links to Vendors that provide Vantage services goto:
>http://groups.yahoo.com/group/vantage/links
>
>Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
6
You might want to look at this. It appears that Cisco isn't supporting the
678 any more. They have announced the "end of life" for the product. You
might want to ask Qwest why they are still using this router.

http://www.cisco.com/warp/public/cc/general/bulletin/rt/1310_pp.htm
<http://www.cisco.com/warp/public/cc/general/bulletin/rt/1310_pp.htm>

Ted Kitch
ted@...

-----Original Message-----
From: Dan Shallbetter [mailto:dans@...]
Sent: Monday, August 06, 2001 10:28 AM
To: vantage@yahoogroups.com
Subject: [Vantage] DSL & firewalls

We are installing a DSL line in a week. Qwest is supplying a Cisco 678
router and tells me no firewall is necessary. My ISP tells me that a
firewall is absolutely essential. Will the router provide sufficient
protection? We are running SBS 4.5, what is the best way to restrict access
with the new connection? Using Proxy or a software firewall?

Thanks
Dan Shallbetter
States Electric Mfg.





Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
<http://groups.yahoo.com/group/vantage/files/.>
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
<http://groups.yahoo.com/group/vantage/messages>
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
<http://groups.yahoo.com/group/vantage/links>

Your use of Yahoo! Groups is subject to the Yahoo!
<http://docs.yahoo.com/info/terms/> Terms of Service.


[Non-text portions of this message have been removed]