Re: Firewall recommendation
- From: "Gregg Hill" <bogus@xxxxxxxxxxx>
- Date: Wed, 29 Aug 2007 21:09:01 -0700
In line!
"Scott M." <s-mar@xxxxxxxxxxxxx> wrote in message
news:OVsrnLo6HHA.4816@xxxxxxxxxxxxxxxxxxxxxxx
"Gregg Hill" <bogus@xxxxxxxxxxx> wrote in message
news:OjeML2m6HHA.1184@xxxxxxxxxxxxxxxxxxxxxxx
Scott,
"Scott M." <s-mar@xxxxxxxxxxxxx> wrote in message
news:ua%23Eg3l6HHA.2380@xxxxxxxxxxxxxxxxxxxxxxx
You also said, "That's entirely rubbish!" to Colin's comment. I am
reasonably certain that Colin knows that a consumer router is also a
"firewall" in some meaning of the term.
That's nice that you are "reasonably certain", but his statement is
contradictory to your interpretation of his meaning.
You are incorrect that Colin's statement is contradictory to my
understanding of its meaning. Why? Colin mentioned using the "...Cisco,
Watchguard and Netscreen/Juniper range of products." Anyone informed
enough to know that those products even exist is going to be well aware
that a NAT router provides BASIC firewall capability, and that most NAT
routers sold today also include SPI. I read his COMPLETE statement, not
just the first line, to make a judgment of his meaning. You apparently
made your "That's entirely rubbish!" comment in response to the first
line of his comment.
Yes, I did. I believe anyone who is that informed should make statements
that are correct. His first statement was not correct. There is no
disputing that.
Well, I took his entire comments into consideration, rather than micro-focus
on one sentence. You are **absolutely correct** in that the one sentence is
incorrect, but the gist of the whole post indicates that he knows that a
consumer-grade router has a firewall. Had you responded with a less
antagonistic reply to him, minus the "That's entirely rubbish!" comment, we
would not be discussing this point.
The "us" to whom I refer is the 90% of people in this group who provide
the support answers to users' and other techs' questions. Most of "us"
would not use a consumer-grade firewall/router to protect our own
networks, nor would we recommend one to our clients, which in turn
prevents us from recommending one to an end user.
Well, I am part of "us" in that case and I'd challenge your 90% figure.
As I said, my 6 client business is running with a consumer
router/firewall and a software firewall.
OK, I guessed low at 90%, since your recommendation to use consumer-grade
equipment is the ONLY one I have ever seen in many years of watching
these newsgroups. There may have been others, but I have not seen one
yet. So, in my observance of these newsgroups, the figure would be higher
than 99% in favor of business-grade equipment being recommended.
But, as you say, it's a guess. And, quite frankly the percentage doesn't
matter. One size does not fit all and each scenario should be judged on
its merits.
Whether it is a guess or not, as you say, the percentage doesn't matter, so
why would you "challenge" the figure if it means so little to you? I was
just making the point that your recommendation is the first that **I** have
seen for a consumer-grade product. Perhaps I should have used the term "by
far the vast majority" instead of a guess at a percentage, but I did not
think anyone would actually try to analyze the exact percentage to see if I
got it right.
I believe that in context, a small operation like mine
is quite well off with this solution. Since the OP did not indicate in
any way what kind of network he is working on, dismissing my suggestion
is unwarranted.
Wrong again, Scott. He did indicate that he was going to be using a
business operating system, not an XP workstation, and he mentioned that
he is already looking at SonicWALL products. When he mentioned using SBS
and considering SonicWALL, I immediately took that to mean it will be
used for a business, not a casual home user. In my professional opinion,
ANY business using a consumer-grade product to protect its data is taking
a risk. If you choose to risk your own personal data, that is one thing.
To risk compromising a business' data that may include confidential
information on dozens of that business' clients, is in my opinion,
irresponsible to the business and to that business' clients.
No it's not wrong, and my point is becoming increasingly that you seem to
like to make blanket statements and inferences that are ill-informed.
You stated, "Since the OP did not indicate in any way what kind of network
he is working on...." That statement is indeed wrong, and my response to
that particular statement is not a "blanket" response. The mere mention of
SBS and SonicWALL indicates that this is NOT an end user trying to protect a
workstation, more probably a person trying to protect his business. No, I do
not have the precise facts of his EXACT needs (and neither do you), but as I
said before, the mention of SBS and SonicWALL **indicates** a business trying
to be protected.
Your assertion that ANY business using a consumer-grade product is taking
a risk is meaningless since ANY system plugged into the Internet is also
taking a risk. Risk is not absolute, there are degrees of risk (which is
why we all pay different rates for insurance, for example).
It is far from meaningless, Scott. Every business that I have encountered
has data on its clients. By far the vast majority of home user systems have
only that particular family's data to risk. It is precisely the degree of
risk that you mention and that I have addressed by recommending a
business-grade firewall to protect a business vs. a consumer-grade firewall
to protect a business. Businesses tend to have more critical data than a
home user, and data on more persons than a home user would have. Perhaps I
should have stated any BUSINESS, vs. any HOME USER, needs to protect itself
more. A typical home user has less risk than a typical business, period. It
is precisely that risk that was being addressed.
To properly assess a system's needs and risks, you must know much more
than has been provided in this thread. But you have made assumption after
assumption, inference after inference based on extremely little knowledge
of the actual system. You've come across (I don't know if intentionally
or not) as very condescending, when it appears to me that you have
technical knowledge, but not very much practical business experience
evaluating needs. Or, you just feel that every problem requires a Fort
Knox solution, which is not the case.
You stated, "But you have made assumption after assumption, inference after
inference based on extremely little knowledge of the actual system." Scott,
you mentioned a consumer-grade firewall in response to his post. I mentioned
a business-grade firewall. BOTH of us have made assumptions as to the actual
need, and for some odd reason, you complain about my doing it, but you
slough off the fact that you did the same thing. Why am I bad but you are
good for doing the same thing? To address your Fort Knox comment, I do not
feel that all businesses require armed guards and vaults, but I sure would
hate to face a client when their system got hacked because I failed to take
proper steps to protect them. I would hate for my own data to be protected
by some other business that runs a consumer-grade firewall.
So, if the OP is a home user trying to protect his/her XP gaming
computer, a consumer-grade product would be fine. However, he/she
mentioned thinking about a SonicWALL or similar product to protect an
SBS network, hence the recommendations.
As I said, I use SBS and my consumer hardware/software combination is
perfectly suitable.
As I said above, if you choose to risk your own personal data, that is
one thing. To risk compromising a business' data that may include
confidential information on dozens of that business' clients, is in my
opinion, irresponsible to the business and to that business' clients. If
your client gets hacked and asks what you did to protect him, I doubt the
client will be satisfied with your answer.
But, did anyone say that confidential information and dozens of business
clients' data were at stake in this case? No. You've just made that
assumption without ever investigating the needs of the OP.
Neither did I say that, Scott. I said, "...that may include confidential
information on dozens of that business' clients...." Notice the words "may
include" in that sentence. I did not say the OP had that scenario. I said
that **a** business MAY have that risk, not that HIS business DOES have that
risk. Here YOU assume without reading carefully what was stated.
Personally, I would not recommend anything to someone that I would not
be willing to use myself.
I wouldn't make a recommendation at all until I knew much more about
what the network was than has been provided. I also wouldn't dismiss a
possible solution for the same reason.
The OP mentioned SBS and SonicWALL. Those are clues that it will be used
in a business. Again, to risk compromising a business' data that may
include confidential information on dozens of that business' clients, is
in my opinion, irresponsible to the business and to that business'
clients.
My point is that a solution shouldn't be suggested OR DISMISSED based on
"clues". Find out what the needs are. Ask questions that give you real
workable answers.
Again, I am the bad guy for doing EXACTLY what you did. We both made
recommendations based upon very little information, yet you ridicule me for
doing so. Nice double standard you have going there!
Just as I would not recommend installing SBS on an XP workstation, I
would not recommend a firewall designed for home use to be used in a
business, which the original post did indeed indicate by mentioning SBS
and SonicWALL. Yes, SBS will install and run fine on a Pentium III
workstation with one hard drive, but I would neither recommend, sell, nor
support it in that configuration.
Great, but not a good analogy.
Actually, it is quite an accurate analogy. It points out that just because a
particular solution **will** work, it may not be the better solution. A VW
with two flat tires can be driven across country, but a Lincoln would be
nicer! You state that a consumer-grade firewall works just fine. I pointed
out a safer solution. Yes, your method will certainly work, but NOT as well
as a business-grade solution. I have an obligation to protect my
unsuspecting clients, hence I recommended a business-grade product.
To do so would be irresponsible, just as recommending a consumer-grade
"home use" product as a firewall in a business is, in my opinion,
irresponsible.
Well, now we come to it. It's your "opinion", and you are entitled to it.
But an opinion is not a fact. My opinion is that you haven't done enough
homework on this scenario to make any recommendations.
Oh, I see. If I have an "opinion" it is a bad thing, but it is certainly OK
for you to have one? YOUR opinion is based upon YOUR own ASSUMPTIONS, just
as mine has been. Why is that OK for you but not for me? You made your
comment about consumer products without any more information than I had!
Mom and pop, who run
a small business from home that don't have any confidential client data,
no web site, but do need email and multiple workstation support, and are
on a tight budget (as the OP said he was) may just well use SBS and my
"opinion" for them might include a good consumer grade hardware firewall
in conjunction with a software firewall. That's my opinion. You really
can't say I'm wrong about it.
I see no mention by the OP of this mom and pop business about which you make
your assumption. I did not say your recommendation is wrong. I said that
"Most of us would not rely upon
consumer-grade products in our own businesses, much less in those of our
clients."
On the other hand, the first statement I responded to (rubbish!) was not
an opinion, it was presented as a fact...and it is rubbish because it is
not true - many (if not most) consumer grade routers do, in fact, contain
a firewall.
Actually, you ASSUMED that Colin's remark was a rock-solid fact stating that
there is no firewall of any kind in a consumer-grade router. Did he
explicitly say that? NO! You assumed he meant that and I assumed that he
knows better, after **reading his whole post.** The OP knows what a
SonicWALL is, and Colin's suggestion to look at the other products is valid.
Yes, if the OP stopped after reading the first sentence, there may have been
some confusion. Perhaps if the OP were to jump in here and clarify how he
interpreted the comment, we would understand better. Barring that, you are
assuming as well.
Your "assumption" that others would just know what the poster
meant by the rest of his statement is again, an opinion. As someone who
has also been an active member of these NG's for about a decade, I know
that not all who read these posts always put 2 and 2 together like you
did. My reply was for them and it was accurate.
Your reply was also an assumption. You also failed to respond to his whole
comment. Taken out of context in that way, yes, it could be confusing. Your
reply could simply have stated, "You may not get an enterprise
configuration, but you can certainly get a DLink or similar product with
integrated firewall." That would have been a lot less antagonistic.
You choose to support your clients one way, I choose another. We each
have our reasons, and I somehow doubt that we will agree on any points,
so after your reply to this post, we should let this one die.
You haven't read anything I've said, because you are still talking about
my clients, when I've given you no reason to believe that I have ever made
any recommendations about firewalls to my clients. I've been talking
about my small business's setup, which does not have information relating
to my clients on it - that's the nature of my business. But you wouldn't
know that because you didn't take the time to investigate my setup either.
You've just gone ahead and said that my way is wrong without
knowing/identifying the needs of the network (which, by the way is the
first step in providing any kind of solution - identify the problem).
I have read everything you have said, including the "...my 6 client business
is running with a consumer router/firewall and a software firewall" comment.
Also, the "I wouldn't make a recommendation at all until I knew much
more...." comment IMPLIES that you do make recommendations, and you did make
a recommendation to the OP. Yes, you gave me PLENTY of reason to believe...I
just happened to believe incorrectly. OK, so I assumed that if you have
clients (or should I say "customers"? I tend to use the terms
interchangeably), then you probably also have data on those clients or
customers. I also assumed that since you referred to them as "clients" and
that you stated, "I wouldn't make a recommendation at all until I knew much
more....", then you provide them with support and recommendations. My bad!
My point was that business-grade product would protect those clients BETTER
than a consumer-grade product.
Gregg Hill
"Scott M." <s-mar@xxxxxxxxxxxxx> wrote in message
news:ulQgmOZ6HHA.5160@xxxxxxxxxxxxxxxxxxxxxxx
Please elaborate on what you consider to be a firewall. If you mean a
simple NAT router with an SPI firewall, then yes, one can be had for
under $200.
Yes, this is considered a firewall, hence my comments.
A business-grade firewall probably cannot be had for under $500-$600,
plus a UTM subscription.
Which is why I said: "You may not get an enterprise configuration..."
To which D-Link product do you refer? Most of us would not rely upon
consumer-grade products in our own businesses, much less in those of
our clients.
I don't know who the "us" is that you are referring to. But I run SBS
2003 for my small business and this type of product suits my needs
just fine. Also, I don't recall the OP discussing the needs of his
"clients", as you make reference to.
-Scott