IP address and Port Filtering

What is the best (cost-effective & easy to implement) solution to filter IP addresses & ports in a private WAN (not connected to the Internet)?

1. L3 switch
2. Router
3. Firewall
Arifnor Asked:
 
TurboBorland Commented:
Oh, a router is a hardware firewall. I believe he meant if you're looking for a software solution, just your average software firewall. Anyway, routers have filters that you can set for ports as well as IP addresses. This feature is called port filtering (different routers, different names, however this is the most vivid description). Here's a little image of a sample of how it works in your average Linksys router: http://www.dslreports.com/faq/12153. It's rather simple, yet effective for what you need. Allow/deny x port/service at y time or z day. If you need to set more strict policy or just want more to play around with, you'll be looking at a more corporate type of router, which will cost you more and the complexity level for implementation will rise. Here's a full description of how the feature is set with a Cisco router for port filtering (or in their terms, setting an IP access list/ACL): http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml. In the end, low cost, low complexity of maintenance and implementation, and need for typical port filtering features, go with Linksys (my opinion as it is my favorite of the in-home routers).
0
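Added example, not part of the original thread and not any vendor's code: a small Python model of how a router access list filters on IP address and port together, evaluating rules top to bottom with the first match winning and an implicit deny at the end. The names `Rule`, `evaluate`, `WAN_POLICY` and the 10.x addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    proto: str               # "tcp", "udp", or "ip" (any protocol)
    src: str                 # source network, CIDR notation
    dst: str                 # destination network, CIDR notation
    ports: range = ANY_PORT  # destination ports; ignored when proto is "ip"

    def matches(self, proto, src, dst, dport):
        if self.proto != "ip" and self.proto != proto:
            return False
        if ipaddress.ip_address(src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(self.dst):
            return False
        return self.proto == "ip" or dport in self.ports

def evaluate(rules, proto, src, dst, dport):
    """Return (action, rule_index). First match wins; no match is an implicit deny."""
    for index, rule in enumerate(rules):
        if rule.matches(proto, src, dst, dport):
            return rule.action, index
    return "deny", None

# Constructed policy: branch office 10.1.0.0/16, data centre 10.2.0.0/16.
WAN_POLICY = [
    # Guest VLAN must not reach RDP; placed before the broader permit below.
    Rule("deny", "tcp", "10.1.50.0/24", "10.2.0.0/16", range(3389, 3390)),
    Rule("permit", "tcp", "10.1.0.0/16", "10.2.0.10/32", range(443, 444)),  # HTTPS
    Rule("permit", "udp", "10.1.0.0/16", "10.2.0.53/32", range(53, 54)),    # DNS
    Rule("permit", "tcp", "10.1.0.0/16", "10.2.0.0/16", range(3389, 3390)), # RDP
]

if __name__ == "__main__":
    samples = [  # constructed packets: (proto, src, dst, dst_port)
        ("tcp", "10.1.50.7", "10.2.0.20", 3389),
        ("tcp", "10.1.20.7", "10.2.0.20", 3389),
        ("tcp", "10.1.20.7", "10.2.0.10", 80),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(WAN_POLICY, *pkt))
```

Rule order is part of the policy: if the broad RDP permit were listed before the guest-VLAN deny, the deny would never be reached.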
 
supports Commented:
For software - Firewall

However, a router has more options and greater security.
0
 
Arifnor (Author) Commented:
What do you mean "for software - firewall" - you mean application firewall?
Can you explain further on router - more options & greater security?

BTW, I want a comparison & justification (reason) for choosing either one of those.
0
 
TurboBorland Commented:
He means for a software solution, use a firewall. A router has more options and greater security because of the inherent features of a router. With most routers you can deny traffic from certain IPs, from certain ports, etc. This being because it is the "gateway" between the internal network and its access to the outside world. Everything the person does when connected to the router that's accessing outside sources needs to go through the router, thus you can apply filters on the device that will check the packets before they leave or enter your network and then apply your filters accordingly. They offer greater security because it has one public IP address. So in order for the attacker to get to you they'd have to first gain control of the router, in your average case, which is only one device you have to lock down instead of worrying about the people connected, in order to communicate with the internal address/computer.
0
 
TurboBorland Commented:
As for your other wants, cost effective & easy to implement, I would go with a router over the layer 3 switch.  You can usually pick routers up on the cheap and there are a lot of things layer 3 switches just will not communicate with.  So implementation for some things, depending on what you're working with, may get complicated and/or require other hardware.
0
 
Arifnor (Author) Commented:
Hi all,

Thanks. You guys recommend a router. It filters IP addresses - I have no doubt, but how about ports?
But I still did not get it when you said "He means for a software solution, use a firewall".
0
 
Arifnor (Author) Commented:
Thanks. With the examples given it does help in the understanding.
0
Question has a verified solution.
