Hardware firewall or a software setup ?
July 26th, 2016
we have a network of 10 computers where the internet comes via a ADSL router > then to a switch of 4 > 3 computers and then the 4th connection of it to another switch > then more computers
we are trying to secure the same in 2 ways
1. Software firewall: We are thinking to get either kaspersky internet security or bit defender internet security on each machine
2. Hardware firewall: we were looking on to Fortinet 40C Bundle – Two 10/100/1000 WAN Ports, 5-
port 10/100/1000 (FG-40C-BDL) for one Year ) price comes around 750 $ USD with 1 year installation + support including all taxes
please recommend, which way is recommended. Only thing internet is used for sending out transaction mails in the day or doing internet banking transactions
A. can you recommend on how to improve the network connectivity with those routers or replacing them somehow ?
Can your budget not stretch to both? It depends on what you think the biggest threat is.
A proper managed software solution will help prevent malware entering your network through USB, email, user error etc, it’s especially important in a none strict user policy environment.
Hardware security, depending on the quality can do above but also defend your network from attacks on servers/NATed devices, as well as offload those tasks from other network devices.
There’s a third option depending how comfortable you are with networking/security and that’s things like Endian – security operating systems that can turn any old machine into a security system and give you much more control than a firewall device
Ideally you’d want to have endpoint security (not just firewalls HIPS, http content filtering for reported malware urls) on all the clients. You can be less strict in the firewall rules here. Then on the edge of the network youd want an internet security appliance (NIPS, Content Filtering (for p0rn and the like) and Network Firewall etc) Youd want to be very strict here, only allow the ports you need.
It doesn’t matter if the latter is an appliance or a virtual appliance running on a server.
Thanks for the replies.
Since we only have workstations in the premises and no servers or NATed devices as such, so is it a liable solution to go for a Software Internet Security suite and keep them clean and maintained.
Also, Its like they do store :
1. Accounting data of Tally, of course they would want the same not to be compromised
2. Someone recently hacked their mail account and sent some fraud mail to their dealers to share their bank account details ( we now recommended them to use a more secure mail provider HushMail or Yahoo Business mail ) they currently use Yahoo free mail only.
Please reply.