Re: Firewall recommendation
- From: "Scott M." <s-mar@xxxxxxxxxxxxx>
- Date: Wed, 29 Aug 2007 17:24:09 -0400
"Gregg Hill" <bogus@xxxxxxxxxxx> wrote in message
news:OjeML2m6HHA.1184@xxxxxxxxxxxxxxxxxxxxxxx
Scott,
"Scott M." <s-mar@xxxxxxxxxxxxx> wrote in message
news:ua%23Eg3l6HHA.2380@xxxxxxxxxxxxxxxxxxxxxxx
You also said, "That's entirely rubbish!" to Colin's comment. I am
reasonably certain that Colin knows that a consumer router is also a
"firewall" in some meaning of the term.
That's nice that you are "reasonably certain", but his statement is
contradictory to your interpretation of his meaning.
You are incorrect that Colin's statement is contradictory to my
understanding of its meaning. Why? Colin mentioned using the "...Cisco,
Watchguard and Netscreen/Juniper range of products." Anyone informed
enough to know that those products even exist is going to be well aware
that a NAT router provides BASIC firewall capability, and that most NAT
routers sold today also include SPI. I read his COMPLETE statement, not
just the first line, to make a judgment of his meaning. You apparently
made your "That's entirely rubbish!" comment in response to the first line
of his comment.
Yes, I did. I believe anyone who is that informed should make statements
that are correct. His first statement was not correct. There is no
disputing that.
The "us" to whom I refer is the 90% of people in this group who provide
the support answers to users' and other techs' questions. Most of "us"
would not use a consumer-grade firewall/router to protect our own
networks, nor would we recommend one to our clients, which in turn
prevents us from recommending one to an end user.
Well, I am part of "us" in that case and I'd challenge your 90% figure.
As I said, my 6 client business is running with a consumer
router/firewall and a software firewall.
OK, I guessed low at 90%, since your recommendation to use consumer-grade
equipment is the ONLY one I have ever seen in many years of watching these
newsgroups. There may have been others, but I have not seen one yet. So,
in my observance of these newsgroups, the figure would be higher than 99%
in favor of business-grade equipment being recommended.
But, as you say, it's a guess. And, quite frankly the percentage doesn't
matter. One size does not fit all and each scenario should be judged on its
merits.
I believe that in context, a small operation like mine
is quite well off with this solution. Since the OP did not indicate in
any way what kind of network he is working on, dismissing my suggestion
is unwarranted.
Wrong again, Scott. He did indicate that he was going to be using a
business operating system, not an XP workstation, and he mentioned that he
is already looking at SonicWALL products. When he mentioned using SBS and
considering SonicWALL, I immediately took that to mean it will be used for
a business, not a casual home user. In my professional opinion, ANY
business using a consumer-grade product to protect its data is taking a
risk. If you choose to risk your own personal data, that is one thing. To
risk compromising a business' data that may include confidential
information on dozens of that business' clients, is in my opinion,
irresponsible to the business and to that business' clients.
No it's not wrong, and my point is becomming increasingly that you seem to
like to make blanket statements and inferences that are ill-informed. Your
assertion that ANY business using a consumer-grade product is taking a risk
is meaningless since ANY system plugged into the Internet is also taking a
risk. Risk is not absolute, there are degrees of risk (which is why we all
pay different rates for insurance, for example).
To properly assess a system's needs and risks, you must know much more than
has been provided in this thread. But you have made assumption after
assumption, inference after inference based on exteemely little knowlege of
the actual system. You've come across (I don't know if intentionally or
not) as very condecending, when it appears to me that you have technical
knowledge, but not very much practical business experience evaluating needs.
Or, you just feel that every problem requires a Fort Knox solution, which is
not the case.
So, if the OP is a home user trying to protect his/her XP gaming
computer, a consumer-grade product would be fine. However, he/she
mentioned thinking about a SonicWALL or similar product to protect an
SBS network, hence the recommendations.
As I said, I use SBS and my consumer hardware/software combination is
perfectly suitable.
As I said above, if you choose to risk your own personal data, that is one
thing. To risk compromising a business' data that may include confidential
information on dozens of that business' clients, is in my opinion,
irresponsible to the business and to that business' clients. If your
client gets hacked and asks what you did to protect him, I doubt the
client will be satisfied with your answer.
But, did anyone say that confidential information and dozens of business
client's data were at stake in this case? No. You've just made that
assumption without ever investigating the needs of the OP.
Personally, I would not recommend anything to someone that I would not
be willing to use myself.
I wouldn't make a recommendation at all until I knew much more about what
the network was than has been provided. I also wouldn't dismiss a
possible solution for the same reason.
The OP mentioned SBS and SonicWALL. Those are clues that it will be used
in a business. Again, to risk compromising a business' data that may
include confidential information on dozens of that business' clients, is
in my opinion, irresponsible to the business and to that business'
clients.
My point is that a solution shouldn't be suggested OR DISMISSED based on
"clues". Find out what the needs are. Ask questions that give you real
workable answers.
Just as I would not recommend installing SBS on an XP workstation, I would
not recommend a firewall designed for home use to be used in a business,
which the original post did indeed indicate by mentioning SBS and
SonicWALL. Yes, SBS will install and run fine on a Pentium III workstation
with one hard drive, but I would neither recommend, sell, nor support it
in that configuration.
Great, but not a good analogy.
To do so would be irresponsible, just as recommending a consumer-grade
"home use" product as a firewall in a business is, in my opinion,
irresponsible.
Well, now we come to it. It's your "opinion", and you are entitled to it.
But an opinion is not a fact. My opinion is that you haven't done enough
homework on this scenario to make any recommendations. Mom and pop, who run
a small business from home that don't have any confidential client data, no
web site, but do need email and multiple workstation support, and are on a
tight budget (as the OP said he was) may just well use SBS and my "opinion"
for them might include a good consumer grade hardware firewall in
conjunction with a software firewall. That's my opinion. You really can't
say I'm wrong about it.
On the other hand, the first statement I responded to (rubbish!) was not an
opinion, it was presented as a fact...and it is rubbish because it is not
true - many (if not most) consumer grade routers do, in fact, contain a
firewall. Your "assumption" that others would just know what the poster
meant by the rest of his statement is again, an opinion. As someone who has
also been an active member of these NG's for about a decade, I know that not
all who read these posts always put 2 and 2 together like you did. My reply
was for them and it was accurate.
You choose to support your clients one way, I choose another. We each have
our reasons, and I somehow doubt that we will agree on any points, so
after your reply to this post, we should let this one die.
You haven't read anything I've said, because you are still talking about my
clients, when I've given you no reason to believe that I have ever made any
recommendations about firewalls to my clients. I've been talking about my
small business's setup, which does not have information relating to my
client's on it - that's the nature of my business. But you wouldn't know
that because you didn't take the time to investigate my setup either.
You've just gone ahead and said that my way is wrong without
knowing/identifying the needs of the network (which, by the way is the first
step in providing any kind of solution - identify the problem).
Gregg Hill
Gregg Hill
"Scott M." <s-mar@xxxxxxxxxxxxx> wrote in message
news:ulQgmOZ6HHA.5160@xxxxxxxxxxxxxxxxxxxxxxx
Please elaborate on what you consider to be a firewall. If you mean a
simple NAT router with an SPI firewall, then yes, one can be had for
under $200.
Yes, this is considered a firewall, hence my comments.
A business-grade firewall probably cannot be had for under $500-$600,
plus a UTM subscription.
Which is why I said: "You may not get an enterprise confugration..."
To which D-Link product do you refer? Most of us would not rely upon
consumer-grade products in our own businesses, much less in those of
our clients.
I don't know who the "us" is that you are referring to. But I run SBS
2003 for my small business and this type of product suits my needs just
fine. Also, I don't recall the OP discussing the needs of his
"clients", as you make reference to.
-Scott
.
- Follow-Ups:
- Re: Firewall recommendation
- From: Gregg Hill
- Re: Firewall recommendation
- References:
- Firewall recommendation
- From: mrwiegand
- Re: Firewall recommendation
- From: Scott M.
- Re: Firewall recommendation
- From: Gregg Hill
- Re: Firewall recommendation
- From: Scott M.
- Re: Firewall recommendation
- From: Gregg Hill
- Re: Firewall recommendation
- From: Scott M.
- Re: Firewall recommendation
- From: Gregg Hill
- Firewall recommendation
- Prev by Date: Re: Microsoft SharePoint Administration Web Site
- Next by Date: Re: Per server vs Per device/user Licensing question. Confused.
- Previous by thread: Re: Firewall recommendation
- Next by thread: Re: Firewall recommendation
- Index(es):
Relevant Pages
|
