Home Network Map: Secure Enough? 1

[DavidKnows]

I doubt I've got everyone and their mothers after me, but I've been told an unsecure network is like lending your wife to anyone you meet... eventually, there will be some nasty virus. Since I love my wife (And my home network) I figured it'd be a good idea to use protection... but, will a Router be enough protection?

I was planning to connect the cable modem directly to the switch, then connect the switch to a patch panel. I was advised a Router offers 'firewall' protection, so I would use an old router (Linksys WRK54G) and hook it up before the connection to the switch is made. Is that the proper way to secure the network?

What are your thoughts? I've attached the revised 'map' for my network redesign. What can I do better?

 

[LawnBoy]

You need a firewall, not a router. Yes, most routers will perform firewall functions, but you're going to pay for routing functions that you aren't going to use. I don't think the WRK54G has a firewall built-in.

If you've got an old pc laying around you could install the Smoothwall firewall on it for free. It's an excellent product that is very easy to configure and maintain.

I would put the firewall immediately after the cable modem, as you suggest.

"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 

[franklin97355]

Unless your ISP allows multiple IP addresses you will want a router to handle NAT and DHCP so you have an internal network and an external network exposed to the outside world.

The answer is "42"

 

[LawnBoy]

Again, you don't have to have a router to perform NAT or DHCP. The Smoothwall package will do both if you need them.


"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 

[cajuntank]

The Linksys is a SPI (stateful packet inspection) level firewall. There are many facets of a security appliances nowadays and a firewall that is SPI level is the most basic. Dedicated firewall/security appliances also take several steps further by also adding application level filtering, intrusion prevention, and anti-x blocking technology.

Since your concern is leaning past simple SPI level firewall, then I would look into a unified security appliance that will address those concerns.

Never installed the Smoothwall product, but it looks like it addresses what I stated above if you have a spare pc to load to. Check out products from Sonicwall, Watchguard, Nokia, and Juniper... they'll run you upwards of $500.00 for a 10 user license model, so it works out about even money with the pc needed for Smoothwall if you don't have one.

 

[LawnBoy]

The Linksys is a SPI (stateful packet inspection) level firewall.

Are you sure the WRK54G is? It's a 'stripped down' unit, and I can find nothing about firewalling with it on Linksys's site.

"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 

[cajuntank]

It is a SPI level firewall, I wish I could also provide a web link stating this at Linksys, but since the age, there is no longer a "brosure" that touts this. I had one of these myself and back in the day talked to tech support about this. It's all in-built onto all of their routers for quite some time (years).

 

[LawnBoy]

Good to know, thx.


"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes