Does this mean we have a hardware firewall?

krishna

Not sure if we have a hardware firewall. Can anyone tell me?

This is what we have:

We have a Zoom X3 Modem/Router/Gateway

Specs say this:
• Ethernet to ADSL self learning - Transparent Bridging (IEEE 802.1D)
• Supports up to 128 MAC learning addresses
Router Mode • IP routing - RIP v2
• Static routing
• DNS Proxy
• Port Forwarding
• DHCP (Dynamic Host Configuration Protocol) server and client
• NAT (Network Address Translation)
• NAPT (Network Address and Port Translation)
• Simultaneous USB and Ethernet operation
Security • User authentication for PPP
• PAP (Password Authentication Protocol)
• CHAP (Challenge Authentication Protocol)
• Password protected system management

Also have a DLink DFE-908Dx 8 Port 10/100Mbps Dual Speed Hub

Many thanks

hawkwind

Yes

NAT (Network Address Translation)

Try a shields upo test at https://www.grc.com/x/ne.dll?bh0bkyd2

to test for any open ports

Chippy_Minton

NAT provides a basic firewall, however it's not like a true hardware firewall which can block or allow specific ports and services. See Security: Comparing NAT, Static Content Filtering, SPI, and Firewalls.

krishna

hawkwind wrote: »

Yes

NAT (Network Address Translation)

Try a shields upo test at https://www.grc.com/x/ne.dll?bh0bkyd2

to test for any open ports

Tried this. Identified 6 ports as "stealth". So what does this mean?

superscaper

krishna wrote: »

Tried this. Identified 6 ports as "stealth". So what does this mean?

Stealth means it can't even tell if your ports are open. That's a good thing. Ideally ALL your ports should be stealth. Have you got a firewall installed on your pc (or is windows firewall switched on)? Ideally you should have software firewalls on all pcs even with a hardware firewall.

Nikolai

Stealth is good. It means those ports are not visible on the internet - therefore no one can try and attack them!
Edit: beaten to it by Superscaper!

superscaper

Nikolai wrote: »

Edit: beaten to it by Superscaper!

:D :beer:

krishna

superscaper wrote: »

Stealth means it can't even tell if your ports are open. That's a good thing. Ideally ALL your ports should be stealth. Have you got a firewall installed on your pc (or is windows firewall switched on)? Ideally you should have software firewalls on all pcs even with a hardware firewall.

All other 1050 ports that Shields UP checked came up as "closed". Is that OK?

No software firewalls at present. We are in the process of upgrading some of our equipment and will be installing a server running Windows Small Business Server (as a charity we get excellent deals on the software). Will SBS come with software firewall? Would we be installing firewall on server only, or do we need to install on all PCs?

If we need an additional hardware firewall, is one of these CISCO products any use? http://www.ctxchange.org/ctx/browse_products/cisco/default.asp
Again we get cheap deals on these. If not, what would you suggest?

The PCs will all be running Win2k pro or XP pro

albertross_2

Any port probing tests you run are testing the router, not the PC. If your PC's have a local 192 or 10. ipaddress, then the outside world can't talk to them, unless they initiate the conversation.

Using a firewall inside a network environment can cause all sorts of spurious problems, slowness, timeout's, filesharing issues. So I'd concentrate on the perimeter, and make sure the PC are patched, and have upto date AV and anti-malware products.

krishna

albertross wrote: »

Any port probing tests you run are testing the router, not the PC. If your PC's have a local 192 or 10. ipaddress, then the outside world can't talk to them, unless they initiate the conversation.

Using a firewall inside a network environment can cause all sorts of spurious problems, slowness, timeout's, filesharing issues. So I'd concentrate on the perimeter, and make sure the PC are patched, and have upto date AV and anti-malware products.

Thanks. I was kind of wondering about that.