Solved

IP address and Port Filtering

Posted on 2009-06-30
7
295 Views
Last Modified: 2012-05-07
What is the best (cost effective & easy to implement) solution to filter IP address & ports in Private WAN (not connected to Internet)

1. L3 switch
2. Router
3. Firewall
0
Comment
Question by:Arifnor
  • 3
  • 3
7 Comments
 
LVL 7

Assisted Solution

by:supports
supports earned 20 total points
ID: 24751307
For software - Firewall

however router has more options and greater security
0
 

Author Comment

by:Arifnor
ID: 24751386
What do you mean "for software - firewall" - you mean application firewall?
Can you explain further on router - more options & greater security.

BTW, I want a comparison & justification (reason) for choosing either one of that.
0
 
LVL 4

Assisted Solution

by:TurboBorland
TurboBorland earned 105 total points
ID: 24755389
He means for a software solution, use a firewall.  A router has more options and greater security because of the inherent features of a router.  With most routers you can deny traffic from certain ip's, from certain ports, and etc.  This being because it is the "gateway" between the internal network and its access to the outside world.  Everything the person does when connected to the router that's accessing outside sources needs to go through the router, thus you can apply filters on the device that will check the packets before they leave or enter your network and then apply your filters accordingly.  They offer greater security because it has one public IP address.  So in order for the attacker to get to you they'd have to first take gain control of the router, in your average case, which is only one device you have to lock down instead of worrying about the people connected, in order to communicate with the internal address/computer.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 4

Assisted Solution

by:TurboBorland
TurboBorland earned 105 total points
ID: 24755481
As for your other wants, cost effective & easy to implement, I would go with a router over the layer 3 switch.  You can usually pick routers up on the cheap and there are a lot of things layer 3 switches just will not communicate with.  So implementation for some things, depending on what you're working with, may get complicated and/or require other hardware.
0
 

Author Comment

by:Arifnor
ID: 24759922
Hi all,

Thanks. You guys recommend router. It filter IP address - I have no doubt, but how about ports?
But I still did not get it when you said  "He means for a software solution, use a firewall".
0
 
LVL 4

Accepted Solution

by:
TurboBorland earned 105 total points
ID: 24761815
Oh, a router is a hardware firewall.  I believe he meant if you're looking for a software solution, just your average software firewall.  Anyway, routers have filters that you can set for ports as well as ip addresses.  This feature is called port filtering (different routers, different names, however this is the most vivid description).  Here's a little image of a sample in how it works in your average Linksys router: http://www.dslreports.com/faq/12153.  It's rather simple, yet effective for what you need.  Allow/deny x port/service at y time or z day.  If you need to set more strict policy or just want more to play around with, you'll be looking at a more corporate type of router, which will cost you more and the complexity level for implementation will rise.  Here's a full description of how the feature is set with a Cisco router for port filtering (or in there terms setting an ip access list/ACL): http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml.  In the end, low cost, low complexity of maintenance and implementation, and need for typical port filtering features, go with Linksys (my opinion as it is my favorite of the in-home routers).
0
 

Author Closing Comment

by:Arifnor
ID: 31598612
Thanks. With the examples given it does help in the understanding.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now