Re: [foxboro] Best way to connect to the Business Network
- From: "Corey R Clingo" <clingoc@xxxxxxxxxxxxx>
- To: foxboro@xxxxxxxxxxxxx
- Date: Tue, 9 Sep 2003 17:45:13 -0400
I'm not sure what the capabilities of routers are these days, not having
taken a look at Cisco's lineup recently, but from my past experience with
them, you had to configure everything about each connection passing through
them. For example, for my AW to make a connection to an external mail
server to send me diagnostic emails, I would have to tell the router to
pass a TCP connection from the AW from any port to port 25, and to allow
a connection from the mail server on port 25 to any port on the AW. With
many different protocols, this quickly becomes untenable, although for an
average AW this is probably not an issue. Further, the security is not as
tight as one might like, because if an attacker commandeers the mail
server, she is free to probe your AW from it -- on any port.

I don't know about layer 3 switches, but as far as I can tell this is
another term for "multiport router" or "switch with routing built in".

Most modern firewalls, however, have so-called "stateful inspection" --
they keep track of connections and have some knowledge of the traffic flow.
In the firewall case, I'd configure it to allow the connection from the AW
to port 25 on the mail server, and tell it to "keep the state" of the
connection; it will then only allow traffic flowing from the mail server
that is associated with that connection that the AW initiated. Other
arbitrary connections from the mail server will be dropped. And most
firewalls can also do NAT, so if you want more than one AW/WP to get out,
and don't want to duplicate your filter rules for every box, a firewall
will typically make this relatively simple.

Again, modern routers may have more firewall-type capabilities built in.
Certainly in the home market, I've seen a blurring of the line between
"firewall" and "router", as the home units for broadband do both.

As for "class" of device, I guess that depends on your personal preference.
More money in general seems to get you more advanced features -- layer 7 or
application-level filtering or proxying, centralized management and
reporting, nice configuration GUIs, better performance, a more "corporate"
name -- but this is not always the case. The "home" products have become
very capable, and are priced right -- around 80-100 USD here. And there
are several very good open-source solutions which can be had for the price
of an old PC, two NICs and some time. Your IT folks may have something to
say about this as well. If so, then hopefully they know what they are
talking about.

Corey Clingo
BASF Corp.

"Lemieux, Tom" <TomLemieux@ariver.com>
Sent by: foxboro-bounce@freelists.org
09/09/2003 02:01 PM
Please respond to foxboro

To: "'Foxboro (E-mail)"
cc:
Subject: [foxboro] Best way to connect to the Business Network

Hi list,

In regards to a post a while back regarding connecting an AW51 to the
business network, it was stated you should use a router or a firewall not a
level III switch. I was wondering if anyone has any input on the pros and
cons of using a Firewall Vs a Router? Also any input on what class of
Device would be recommended, what options are important and what options are
not? Basically any and all input on this subject would be appreciated.

Thanks
Tom Lemieux
Alabama Pine Pulp
Po Box 100 Perdue Hill, Alabama
Phone 251-743-8576
Cel 251-362-1453
Fax 251-743-8295
E-mail tomlemieux@xxxxxxxxxx
This email has been scanned for viruses by McAfee Webshield E500.
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: http://www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
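
The difference between the two static router rules and a "keep state" firewall rule described in the reply above can be seen in a small model. This is an added example, not part of the original messages; the addresses, port numbers and the names `stateless_allow`, `StatefulFilter` and `compare` are constructed for illustration, and the model tracks only the connection 4-tuple (no TCP flags beyond SYN, no sequence numbers or timeouts).

```python
from collections import namedtuple

# Constructed addresses (documentation ranges), not taken from the thread.
AW = "192.0.2.10"        # workstation on the control side
MAIL = "198.51.100.25"   # mail server on the business network

Packet = namedtuple("Packet", "src sport dst dport syn")

def stateless_allow(p):
    """The two static rules: AW any port -> mail:25, and mail:25 -> AW any port."""
    out_rule = p.src == AW and p.dst == MAIL and p.dport == 25
    in_rule = p.src == MAIL and p.sport == 25 and p.dst == AW
    return out_rule or in_rule

class StatefulFilter:
    """One outbound rule plus a table of connections the AW itself opened."""
    def __init__(self):
        self.states = set()

    def allow(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        if p.src == AW and p.dst == MAIL and p.dport == 25:
            if p.syn:                 # new outbound connection: record state
                self.states.add(key)
            return key in self.states
        # Everything else must be the reverse direction of a tracked connection.
        return (p.dst, p.dport, p.src, p.sport) in self.states

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

# Constructed sample traffic.
SAMPLE = [
    Packet(AW, 40001, MAIL, 25, True),    # AW opens the SMTP connection
    Packet(MAIL, 25, AW, 40001, False),   # reply on that connection
    Packet(MAIL, 25, AW, 5000, True),     # unsolicited, source port 25, other AW port
    Packet(MAIL, 25, AW, 40002, False),   # reply-shaped, but no matching state
]

if __name__ == "__main__":
    for p, (sl, sf) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport}  stateless={sl}  stateful={sf}")
```

The static rules pass all four packets, while the state table passes only the connection the AW initiated and its reply.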