Solved

Need Hardware Firewall Advice

Posted on 2009-07-11
5
257 Views
Last Modified: 2012-05-07
I'm looking for a bit of purchasing/can this be done advice.

We currently have a small Linux box which is housed at a customer site. We are having problems with it because of hacking attempts. No one has actually gotten in, but because we expose SSH, Telnet and FTP to the Internet, our log files show hundreds of attempts a day trying to log into the box and it's crashing the machine. (It's a small appliance with linux, not a regular linux computer.)

Our location is the only one that needs to talk to this box, so the simplest thing to do is for the customer to set their firewall to only allow traffic from us. However, for various political and technical reasons, they are unable to do this at this time. (I've been battling for six months on this issue... the reason has been something along the lines of they can't filter us without interfering with other client traffic since we're not the only ones hosting boxes.) Anyway, there's no point in arguing this right now.

So now what I'm wondering is the feasabilty of putting our own small hardware firewall just in front of our box. Will this work? Since our traffic is already coming into their network and our box has an internal 192.168 address, not a public one, would a hardware firewall between their router and our box even work? Would the firewall not see all the connections as coming from the router, not actually the outside? (Or does the answer to this question depend on their router?)

Also I'm looking for recommendations on brands or firewalls? In doing some searching, it's hard to find something for our circumstances. Nearly all the hardware firewalls seem to be part of routers/wifi hubs and such, or for the home market, with email filtering and virus scans and what not. Our need is simple: if I'm trying to connect from my IP address, let me in, and block everyone else cold. No other features are necessary.

Any advice?
0
Comment
Question by:ktwdallas
  • 2
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
mredfelix earned 500 total points
ID: 24832561
Hi

as your using a 192.168 adressing scheme i am gusiing your network is not that big. I would go for a cisco pix. There are others about but cisco has always been the most used which useful if your configring it yourself. The hardest thing is troubleshooting but to setup up is easy and can be done after a little studying

 there are more expenses ones but it depends on your budget the free one are the linux solutions but i think the best medium is the cisco pix
0
 

Author Comment

by:ktwdallas
ID: 24832587
Actually I did some checking, the internal IPs are all starting with 64.4.xxx.xxx but that's all internal traffic, we have a completely different public ip to connect to. But yeah, I actually was looking a the Cisco PIX 506 which seems like it would do what we need to simply.
0
 
LVL 5

Expert Comment

by:mredfelix
ID: 24834001
but how many devices do you have on your network.

other devices to look at are sonicwalls, or netgear
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 24835880
I would recommend the Sonicwall TZ series.  You can then also get VPN clients which would allow you to have sercured connections from anywhere to your internal network.
0
 

Author Closing Comment

by:ktwdallas
ID: 31602484
Ordered a 506 this morning, while I was researching this, their network ops suggested the exact same box to us, so I'll take that as a sign.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
tv error in depth 11 77
Unauthorized Network Devices Appearing on Home Network 20 108
Creating a Vendor Admin user 23 52
How do You Stop a DDoS Attack 7 28
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
On Beyond Tools A conversation I recently had with the DevOps manager of a major online retailer really made me think about DevOps monitoring tools (https://www.onpage.com/devops-incident-management-tool/). The manager and I discussed how sever…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question