Solved

IP address and Port Filtering

Posted on 2009-06-30
Last Modified: 2012-05-07
What is the best (cost-effective & easy to implement) solution to filter IP addresses & ports in a private WAN (not connected to the Internet)?

1. L3 switch
2. Router
3. Firewall
0
Question by:Arifnor
7 Comments
 
LVL 7

Assisted Solution

by:supports
supports earned 80 total points
ID: 24751307
For software - Firewall

However, a router has more options and greater security.
0
 

Author Comment

by:Arifnor
ID: 24751386
What do you mean "for software - firewall" - you mean application firewall?
Can you explain further on router - more options & greater security?

BTW, I want a comparison & justification (reason) for choosing either one of those.
0
 
LVL 4

Assisted Solution

by:TurboBorland
TurboBorland earned 420 total points
ID: 24755389
He means for a software solution, use a firewall. A router has more options and greater security because of the inherent features of a router. With most routers you can deny traffic from certain IPs, from certain ports, etc. This is because it is the "gateway" between the internal network and its access to the outside world. Everything the person does when connected to the router that's accessing outside sources needs to go through the router, thus you can apply filters on the device that will check the packets before they leave or enter your network and then apply your filters accordingly. They offer greater security because it has one public IP address. So in order for the attacker to get to you they'd have to first gain control of the router, in your average case, which is only one device you have to lock down instead of worrying about the people connected, in order to communicate with the internal address/computer.
0

 
LVL 4

Assisted Solution

by:TurboBorland
TurboBorland earned 420 total points
ID: 24755481
As for your other wants, cost effective & easy to implement, I would go with a router over the layer 3 switch.  You can usually pick routers up on the cheap and there are a lot of things layer 3 switches just will not communicate with.  So implementation for some things, depending on what you're working with, may get complicated and/or require other hardware.
0
 

Author Comment

by:Arifnor
ID: 24759922
Hi all,

Thanks. You guys recommend a router. It filters IP addresses - I have no doubt, but how about ports?
But I still did not get it when you said "He means for a software solution, use a firewall".
0
 
LVL 4

Accepted Solution

by:
TurboBorland earned 420 total points
ID: 24761815
Oh, a router is a hardware firewall. I believe he meant if you're looking for a software solution, just your average software firewall. Anyway, routers have filters that you can set for ports as well as IP addresses. This feature is called port filtering (different routers, different names, however this is the most vivid description). Here's a little image of a sample of how it works in your average Linksys router: http://www.dslreports.com/faq/12153. It's rather simple, yet effective for what you need. Allow/deny x port/service at y time or z day. If you need to set more strict policy or just want more to play around with, you'll be looking at a more corporate type of router, which will cost you more and the complexity level for implementation will rise. Here's a full description of how the feature is set with a Cisco router for port filtering (or in their terms setting an IP access list/ACL): http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml. In the end, for low cost, low complexity of maintenance and implementation, and a need for typical port filtering features, go with Linksys (my opinion as it is my favorite of the in-home routers).
0
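How an access list decides on a packet by address and port, as an added example that is not part of the original thread: a simplified model of first-match evaluation with an implicit deny at the end, which is how Cisco IP access lists are evaluated, plus a check for rules that can never fire because of their order. The networks, ports and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp" or "ip" (any protocol)
    src: str                      # source network, CIDR notation
    dst: str                      # destination network, CIDR notation
    dport: Optional[int] = None   # destination port; None matches any port

def matches(rule, proto, src_ip, dst_ip, dport):
    """True when the packet's protocol, addresses and port all fit the rule."""
    return (rule.proto in ("ip", proto)
            and ipaddress.ip_address(src_ip) in net(rule.src)
            and ipaddress.ip_address(dst_ip) in net(rule.dst)
            and rule.dport in (None, dport))

def evaluate(acl, proto, src_ip, dst_ip, dport):
    """First matching rule decides; index None means the implicit final deny."""
    for i, rule in enumerate(acl):
        if matches(rule, proto, src_ip, dst_ip, dport):
            return rule.action, i
    return "deny", None

def covers(a, b):
    """True when every packet that matches rule b also matches rule a."""
    return (a.proto in ("ip", b.proto)
            and net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst))
            and a.dport in (None, b.dport))

def shadowed(acl):
    """Indexes of rules that never fire because an earlier rule covers them."""
    return [j for j, r in enumerate(acl)
            if any(covers(acl[i], r) for i in range(j))]

# Constructed policy: branch site 10.1.0.0/16, data centre 10.2.0.0/16.
ACL = [
    Rule("deny",   "tcp", "10.1.50.0/24", "10.2.0.0/16",  3389),  # guest subnet: no RDP
    Rule("permit", "tcp", "10.1.0.0/16",  "10.2.0.10/32", 443),   # HTTPS to one server
    Rule("permit", "udp", "10.1.0.0/16",  "10.2.0.53/32", 53),    # DNS
    Rule("permit", "tcp", "10.1.0.0/16",  "10.2.0.0/16",  3389),  # RDP for everyone else
]

if __name__ == "__main__":
    print(evaluate(ACL, "tcp", "10.1.50.7", "10.2.0.20", 3389))
    print(shadowed(ACL[1:] + ACL[:1]))  # narrow deny moved below the broad permit
```

Moving the narrow deny below the broad permit leaves the rule text unchanged but lets the guest subnet through, which is why rule order is worth checking whenever a filter is edited.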
 

Author Closing Comment

by:Arifnor
ID: 31598612
Thanks. With the examples given it does help in the understanding.
0
