SOHO Network Security? Basic Guidelines

Posted on 2009-05-02
Last Modified: 2012-05-06
Hello,
For the last few days I have been working on building up a more secure office network.
I already bought a Cisco Catalyst 2950 so we can have VLAN control, port protection and other Cisco goodies!
Now my question lies over the perimeter and IDS: what should I get? Should I trust a Linux package like IPCOP with Snort? Or should I build my own rules with tables?
Should I get a Cisco PIX (a used one) or a Firebox 550e?
We have a very small office (10 workers max), but we are very worried about network intrusion.
What is the "MUST GET" for this scenario?
I really want some good Layer 2/3 security with the Cisco 2950, plus an IDS and firewall that we can really trust!
Thanks, maybe you can help us decide!
Question by: netwhw
    LVL 3

    Accepted Solution

    The Cisco ASA and IOS Router with the Firewall Feature Set will give you IPS and Firewalling features.  The ASA 5505 is the smaller unit designed for small branch offices.  The ASA line was designed as a combination unit whereby Cisco incorporated their firewall, IPS, and VPN Concentrator in one unit.  

    The SonicWALL TZ series has these features too.  The TZ-180 or TZ-190 would probably be a good fit for you.

    Each of these options works well to push logs to an external Syslog source.

    IPS/IDS will cost you a yearly subscription fee no matter what your choice is.

    An open source solution will probably work for you but the support is often less than helpful.  

    Author Comment

    Do you think I shouldn't even consider IPCOP or such Linux-based appliances?
    LVL 3

    Expert Comment

    Absolutely consider them. But think about the big picture as well. What kind of support are you going to get when and if you need it? Cisco and SonicWALL support is excellent. With IPCOP or another Linux-based solution, you're likely to be surfing forums for hours if you have a problem. My personal preference is to get equipment that I know has good support for upgrades and incidents.

    Author Comment

    Yes, it's surely better to have support from those guys. I searched, and I will probably go with the basic SonicWALL: great IDS, great performance and price!

    Author Closing Comment

    Great tip about SonicWALL, worth the points!
