That's a nice one, but it does not appear that you can set up blocks to
incoming ports specifically. I'm looking at the manual. This link should
take you where you can download it if you don't have it handy:
http://www.alliedtelesyn.com/support/ar220e
Look at "Packet Filtering" under Chapter 5 "Advanced Configuration" for how
to block external ports. For example you can block your internal folks from
accessing external POP3 servers (i.e. block using the installed mail client
to check their personal email. Note: this will not block webmail access).
However I think it should also give you the ability to block incoming ports
as well. Yet it may be such that anything not specifically forwarded, as
set up in "Virtual Server" Ch 5, is not passed unless it is in response to a
request from an internal computer. In other words, if computer InternalA
did not initiate the conversation with External01 then External01 cannot on
its own contact InternalA. I can't tell for sure if this is the situation
with your router or not.
Personally I wouldn't trust it unless it specifically said so in the
documentation, which I can't find, or tech support explained it fully
to me. But there has got to be some sort of blocking built in or why the
inclusion of a DMZ port? I am impressed with the fact that it supports
IPSEC and ISAKMP forwarding. That is probably where the price tag came
from. What that means is you can have those types of VPN servers behind the
router and external users could connect to it and their data would be
encrypted. Not all routers or firewalls support this.
Don't ditch the router just yet. What I would do is put ZoneAlarm on
some of the computers for 30 days (I think that is their allowed business
trial). Make sure you check that the network card is the LAN interface.
Since the router does NAT (so that you only need one internet IP) I will
assume your internal IP scheme is one of the non-internet ones (ex
192.168.xxx.xxx). If this is so then ZoneAlarm will be able to
differentiate between internet and LAN communications. Set the LAN to
medium or low and the internet to high and have it log alerts. Keep an eye
on how many and what kind of alerts you are receiving.
Pings (ICMP echo) are not that big of a deal every once in a while, but I
personally do not like them being able to reach my internal computers from
the internet. Attempts to access NetBIOS (137, 138, & 139) are something
to worry about. Also attempts to access any service such as HTTP (80), FTP
(21), POP3 (110), SMTP (25), etc are as well if you are not intentionally
running them (i.e. you don't have an internal web server). Do a 'security
check', such as is available here:
http://www.dslreports.com/scan
This is a good read:
http://www.dslreports.com/faq/security
This is money down the drain once you know how to take care of it yourself:
http://www.dslreports.com/secureme
Once you've established if you have any weaknesses then you see if your
current router can address them or not. If it can't, then you look at the
solutions available. ZoneAlarm or Norton Internet Security are one, but
they need to be installed on every computer. Buying another router with
firewall capabilities built in is a second. Other options include a
hardware firewall, like Sonicwall:
http://www.sonicwall.com/
or a single point software firewall, such as CheckPoint (which I have a
strong dislike for, but their FW-1 Small Business may not be as much of a
hassle as what I used):
http://www.checkpoint.com/
or LRP (Linux Router Project, which I'm using for my work):
http://www.linuxrouter.org/
I'm using LEAF, Oxygen flavor, but Bering is the latest:
http://sourceforge.net/projects/leaf/
LRP/LEAF on an older computer (I'm using a P75 with 64meg RAM) can be used
as a complete replacement for your router, since you have a hub, or in
conjunction with it.
I prefer a single point software firewall over a hardware one, because I
can upgrade or change it as needed.
BTW, it sounds like your boss got a Trojan virus. That means you are
probably in need of virus software. You can have the best firewall around,
but if you allow any access to the outside (including email) a virus like
this can likely still get on someone's computer. Think of it as you can
install the best security system in your house, but it won't stop you from
catching a cold. [grin] (BTW, my favorite AV package is CA's InoculateIT
http://www.ca.com/ )
Enjoy,
Stef
--
mailto: yodersj@earthlink.net || Drafter, Leather-worker
http://www.flatmtn.com/cad/ || Dos, Win, LT
http://www.flatmtn.com/computer/ || Computer How-To
"Derek Sevier" wrote in
news:6164C57FFDF23F3EE7F9322D2B0AB12B@in.WebX.maYIadrTaRb:
> http://www.pcconnection.com/scripts/productdetail.asp?product_id=230108
>
> That is the router that I have right now and I guess it already has a
> firewall... But do you think it is a good one? If not, please let me
> know.
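Added example (not from Stef's post, the AR220E manual, or any of the products named above): a small Python model of the two behaviours the post describes. The router class implements the "nothing comes in unless InternalA started the conversation or it is a Virtual Server forward" rule with a NAT session table, and the triage function buckets the dropped inbound packets the way the post suggests reading ZoneAlarm alerts (pings low, NetBIOS 137/138/139 and unoffered services worrying). All addresses, ports and packets are constructed for illustration (the public ranges are RFC 5737 documentation addresses); the port-numbering and ICMP handling are simplifying assumptions, not how any specific router is known to work.

```python
from collections import Counter

# Services the post singles out as worth noticing when probed from outside.
SERVICES = {21: "FTP", 25: "SMTP", 80: "HTTP", 110: "POP3",
            137: "NetBIOS-NS", 138: "NetBIOS-DGM", 139: "NetBIOS-SSN"}
NETBIOS_PORTS = {137, 138, 139}


class StatefulNatRouter:
    """Default-deny NAT router model (assumption, not a real product):
    inbound traffic is passed only if it answers a LAN-initiated session
    or hits an explicit 'virtual server' forward; everything else is
    dropped and recorded as an alert."""

    def __init__(self, public_ip, lan_prefix, virtual_servers=None):
        self.public_ip = public_ip
        self.lan_prefix = lan_prefix                        # e.g. "192.168.1."
        self.virtual_servers = dict(virtual_servers or {})  # ext port -> (lan ip, lan port)
        self.nat = {}           # translated public port -> (lan_ip, lan_port, ext_ip, ext_port, proto)
        self.next_port = 40000  # assumed first translated port
        self.dropped = []       # constructed "alert log" of refused inbound packets

    def _is_lan(self, ip):
        return ip.startswith(self.lan_prefix)

    def _answers_session(self, proto, src, sport, dport):
        """True if this inbound packet is the reply half of a LAN-started session."""
        if proto == "icmp":  # echo has no ports; match on peer address only
            return any(e[2] == src and e[4] == "icmp" for e in self.nat.values())
        e = self.nat.get(dport)
        return bool(e) and e[2] == src and e[3] == sport and e[4] == proto

    def handle(self, pkt):
        """pkt = (proto, src_ip, src_port, dst_ip, dst_port). Returns 'ALLOW' or 'DROP'."""
        proto, src, sport, dst, dport = pkt
        if self._is_lan(src) and not self._is_lan(dst):
            # Outbound: remember the session so its replies can come back in.
            key = (src, sport, dst, dport, proto)
            if key not in self.nat.values():
                self.nat[self.next_port] = key
                self.next_port += 1
            return "ALLOW"
        if not self._is_lan(src) and dst == self.public_ip:
            if self._answers_session(proto, src, sport, dport):
                return "ALLOW"      # reply to something InternalA started
            if proto != "icmp" and dport in self.virtual_servers:
                return "ALLOW"      # explicitly forwarded service
            self.dropped.append(pkt)
            return "DROP"           # unsolicited: External01 may not start a conversation
        return "DROP"               # anything else (e.g. external -> private address) is not routed


def triage(dropped):
    """Bucket dropped inbound packets the way the post suggests reading the alerts."""
    counts = Counter()
    for proto, src, sport, dst, dport in dropped:
        if proto == "icmp":
            counts["icmp-echo (low)"] += 1
        elif dport in NETBIOS_PORTS:
            counts[f"{SERVICES[dport]}/{dport} (worry)"] += 1
        elif dport in SERVICES:
            # Dropped means it was not forwarded, so the service is not offered here.
            counts[f"{SERVICES[dport]}/{dport} not offered (worry)"] += 1
        else:
            counts[f"port {dport} (other)"] += 1
    return counts


def demo():
    """Constructed traffic: InternalA talks to External01, then outsiders probe."""
    r = StatefulNatRouter("203.0.113.10", "192.168.1.",
                          virtual_servers={25: ("192.168.1.5", 25)})  # internal SMTP server
    results = [
        r.handle(("tcp", "192.168.1.20", 1025, "198.51.100.7", 80)),   # InternalA -> External01
        r.handle(("tcp", "198.51.100.7", 80, "203.0.113.10", 40000)),  # External01's reply: allowed
        r.handle(("tcp", "198.51.100.7", 80, "203.0.113.10", 40001)),  # same host, no session: dropped
        r.handle(("tcp", "198.51.100.9", 3456, "203.0.113.10", 25)),   # SMTP to the virtual server
        r.handle(("tcp", "198.51.100.9", 3457, "203.0.113.10", 139)),  # NetBIOS session probe
        r.handle(("udp", "198.51.100.9", 3458, "203.0.113.10", 137)),  # NetBIOS name probe
        r.handle(("tcp", "198.51.100.9", 3459, "203.0.113.10", 80)),   # HTTP probe, no web server
        r.handle(("icmp", "198.51.100.9", 0, "203.0.113.10", 0)),      # unsolicited ping
    ]
    return results, triage(r.dropped)


if __name__ == "__main__":
    verdicts, alerts = demo()
    print(verdicts)
    for bucket, n in alerts.most_common():
        print(f"{n:3d}  {bucket}")
```

The point the model makes concrete is the one the post is unsure about: with a stateful NAT table, an outside host can only reach an inside machine on a port the router already associates with an inside-initiated session, or one you deliberately opened as a Virtual Server. Whether the AR220E actually behaves this way is exactly what the manual or vendor support would have to confirm.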