Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 313
  • Last Modified:

IP address and Port Filtering

What is the best (cost effective & easy to implement) solution to filter IP address & ports in Private WAN (not connected to Internet)

1. L3 switch
2. Router
3. Firewall
0
Arifnor
Asked:
Arifnor
  • 3
  • 3
4 Solutions
 
supportsCommented:
For software - Firewall

however router has more options and greater security
0
 
ArifnorAuthor Commented:
What do you mean "for software - firewall" - you mean application firewall?
Can you explain further on router - more options & greater security.

BTW, I want a comparison & justification (reason) for choosing either one of that.
0
 
TurboBorlandCommented:
He means for a software solution, use a firewall.  A router has more options and greater security because of the inherent features of a router.  With most routers you can deny traffic from certain ip's, from certain ports, and etc.  This being because it is the "gateway" between the internal network and its access to the outside world.  Everything the person does when connected to the router that's accessing outside sources needs to go through the router, thus you can apply filters on the device that will check the packets before they leave or enter your network and then apply your filters accordingly.  They offer greater security because it has one public IP address.  So in order for the attacker to get to you they'd have to first take gain control of the router, in your average case, which is only one device you have to lock down instead of worrying about the people connected, in order to communicate with the internal address/computer.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
TurboBorlandCommented:
As for your other wants, cost effective & easy to implement, I would go with a router over the layer 3 switch.  You can usually pick routers up on the cheap and there are a lot of things layer 3 switches just will not communicate with.  So implementation for some things, depending on what you're working with, may get complicated and/or require other hardware.
0
 
ArifnorAuthor Commented:
Hi all,

Thanks. You guys recommend router. It filter IP address - I have no doubt, but how about ports?
But I still did not get it when you said  "He means for a software solution, use a firewall".
0
 
TurboBorlandCommented:
Oh, a router is a hardware firewall.  I believe he meant if you're looking for a software solution, just your average software firewall.  Anyway, routers have filters that you can set for ports as well as ip addresses.  This feature is called port filtering (different routers, different names, however this is the most vivid description).  Here's a little image of a sample in how it works in your average Linksys router: http://www.dslreports.com/faq/12153.  It's rather simple, yet effective for what you need.  Allow/deny x port/service at y time or z day.  If you need to set more strict policy or just want more to play around with, you'll be looking at a more corporate type of router, which will cost you more and the complexity level for implementation will rise.  Here's a full description of how the feature is set with a Cisco router for port filtering (or in there terms setting an ip access list/ACL): http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml.  In the end, low cost, low complexity of maintenance and implementation, and need for typical port filtering features, go with Linksys (my opinion as it is my favorite of the in-home routers).
0
 
ArifnorAuthor Commented:
Thanks. With the examples given it does help in the understanding.
0

Featured Post

Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now