Re: router - firewall
- From: Nathan Thomas Sr <nathan_nospam_@xxxxxxxxx>
- Date: Tue, 31 Jan 2006 10:24:08 -0500
For $200, you can build a decent machine and run Smoothwall. Mine is a
533 MHz w/ 256 MB RAM.
http://www.smoothwall.org/
Use the 2.0, since 3.0 is still Alpha...many people make the mistake of
getting 3.0 and find out it's buggy.
I have it in front of our Exchange server. I also have many 'mods' from
the 'homebrew' section of the support forums. Adzap, VPN, OpenSwan,
Squid, Shields Up, Labrea tarpit/honey pot, Guardian, etc.
The only issue I've had with it is UPS, but I haven't taken the time to
fix it; and I had Guardian extra touchy and it was blocking our DNS servers.
Leythos wrote:
> In article <11trh1tqnhoem0a@xxxxxxxxxxxxxxxxxx>, bzyfon@xxxxxxxxxxxxxx
> says...
>
>>hmm.... I'm not an IT guru at all :)
>>but isn't VPN the best way to access
>>company server working for example at home
>
>
> Several things:
>
> Firewall Appliances, you won't find quality units with any reasonable
> set of features for under $1000 US, and most of the good ones will run
> about $2000 for a full set of features like HTTP Proxy and SMTP Proxy
> services that can filter content (things you don't want) out of those
> sessions to provide a great level of protection.
>
> VPN, any VPN you set up for file sharing will be slow, not because it's a
> VPN, but because most users will have slow internet connections when
> compared to their normal office LAN connection. What we see is people
> that browse the network shares, click on a 200 meg file, then click 6
> more times since it didn't open instantly, then wonder why their machine
> is just sitting there - it's because it can take several minutes to
> actually open a 200 meg file over a DSL/Cable connection.
>
> Users that have dedicated workstations at the office - you can do remote
> connections several ways:
>
> 1) User VPNs into firewall appliance and then RDs into their work
> computer - firewall limits access to just their dedicated workstation.
>
> 2) User RWWs into company and does the same
>
> 3) User accesses workstation via RD or VNC and the firewall limits
> connections to users by IP address ranges.
>
> 4) Set up a dedicated Terminal Server box and then use method #1 except
> the connection is to the Terminal Server, not their desktop computer.
>
> There are other methods, but not as pretty.
>
> We set up most offices with a VPN into a firewall appliance, then limit
> them to their workstation or the terminal server and to specific ports
> needed to reach those, which means that a home user's compromised
> computer (viruses) can't spread to the office computer (since we don't
> allow all ports via VPN and we don't allow mapping of drives in a RD
> session).
>
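
The restriction described in the quoted message (VPN users reach only their own workstation or the terminal server, on specific ports) modelled as a default-deny allowlist. This is an added example, not part of the original thread; the addresses, the VPN pool, the rule layout and the use of TCP 3389 for Remote Desktop are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

RDP = 3389                      # assumed Remote Desktop port
FILE_SHARING = {135, 139, 445}  # RPC / NetBIOS / SMB ports worms commonly spread over


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network  # VPN-assigned address(es) of the remote user
    dst: ipaddress.IPv4Address  # the single office host they may reach
    port: int                   # the single TCP port allowed on that host


def rule(src, dst, port):
    return Rule(ipaddress.ip_network(src), ipaddress.ip_address(dst), port)


# Constructed addressing: 10.8.0.0/24 is the VPN pool, 192.168.1.0/24 the office LAN.
POLICY = [
    rule("10.8.0.11/32", "192.168.1.21", RDP),  # user A -> own workstation only
    rule("10.8.0.12/32", "192.168.1.22", RDP),  # user B -> own workstation only
    rule("10.8.0.0/24", "192.168.1.5", RDP),    # any VPN user -> terminal server
]


def allowed(src, dst, port, policy=POLICY):
    """Default deny: a flow passes only if a rule matches source, destination and port."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in r.src and d == r.dst and port == r.port for r in policy)


def file_sharing_exposed(policy=POLICY):
    """Policy lint: rules that would open file-sharing ports to VPN clients."""
    return [r for r in policy if r.port in FILE_SHARING]


if __name__ == "__main__":
    # Constructed flows from user A's home PC (10.8.0.11).
    flows = [
        ("10.8.0.11", "192.168.1.21", 3389),  # RDP to own workstation
        ("10.8.0.11", "192.168.1.21", 445),   # SMB to own workstation
        ("10.8.0.11", "192.168.1.22", 3389),  # RDP to a colleague's workstation
        ("10.8.0.11", "192.168.1.5", 3389),   # RDP to the terminal server
    ]
    for f in flows:
        print(f, "ALLOW" if allowed(*f) else "DENY")
    print("rules exposing file sharing:", file_sharing_exposed())
```

The drive-mapping restriction mentioned in the same paragraph is a Remote Desktop session setting rather than a packet filter rule, so it is not modelled here.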