RE: Firewall recommendation

Hi,

For $200 you are only going to get a consumer grade router, not a firewall.
I appreciate everyone's budget is different but if you can, you need to
invest (not 'spend') more in your firewall solution. Look at the costs
involved if your server is ever compromised and needs to be rebuilt.
Depending on how many nodes you have, $450+ is a more realistic minimum
outlay. I've never used SonicWall products so I can't offer advice on this
range but take a look at the Cisco, Watchguard and Netscreen/Juniper range of
products.

Regards Colin.

"mrwiegand" wrote:

> What would be a good firewall to use in conjunction with SBS 2003. I
> do not want to have the firewall on the same server as SBS, I am
> looking at sonicwall products atm. Price is an issue, can I get
> anything good for under $200? Thanks in advance
>
>

> For $200 you are only going to get a consumer grade router, not a
> firewall.

That's entirely rubbish! You may not get an enterprise confugration, but
you can certainly get a DLink or similar product with integrated firewall.

Scott,

Please elaborate on what you consider to be a firewall. If you mean a simple
NAT router with an SPI firewall, then yes, one can be had for under $200. A
business-grade firewall probably cannot be had for under $500-$600, plus a
UTM subscription.

To which D-Link product do you refer? Most of us would not rely upon
consumer-grade products in our own businesses, much less in those of our
clients.

Gregg Hill



"Scott M." <s-> wrote in message
news:udi32$...
>> For $200 you are only going to get a consumer grade router, not a
>> firewall.
>
> That's entirely rubbish! You may not get an enterprise confugration, but
> you can certainly get a DLink or similar product with integrated firewall.
>

> Please elaborate on what you consider to be a firewall. If you mean a
> simple NAT router with an SPI firewall, then yes, one can be had for under
> $200.

Yes, this is considered a firewall, hence my comments.

>A business-grade firewall probably cannot be had for under $500-$600, plus
>a UTM subscription.

Which is why I said: "You may not get an enterprise confugration..."

> To which D-Link product do you refer? Most of us would not rely upon
> consumer-grade products in our own businesses, much less in those of our
> clients.

I don't know who the "us" is that you are referring to. But I run SBS 2003
for my small business and this type of product suits my needs just fine.
Also, I don't recall the OP discussing the needs of his "clients", as you
make reference to.

-Scott

Scott,

You also said, "That's entirely rubbish!" to Colin's comment. I am
reasonably certain that Colin knows that a consumer router is also a
"firewall" in some meaning of the term.

The "us" to whom I refer is the 90% of people in this group who provide the
support answers to users' and other techs' questions. Most of "us" would not
use a consumer-grade firewall/router to protect our own networks, nor would
we recommend one to our clients, which in turn prevents us from recommending
one to an end user.

So, if the OP is a home user trying to protect his/her XP gaming computer, a
consumer-grade product would be fine. However, he/she mentioned thinking
about a SonicWALL or similar product to protect an SBS network, hence the
recommendations.

Personally, I would not recommend anything to someone that I would not be
willing to use myself.

Gregg Hill






"Scott M." <s-> wrote in message
news:...
>> Please elaborate on what you consider to be a firewall. If you mean a
>> simple NAT router with an SPI firewall, then yes, one can be had for
>> under $200.
>
> Yes, this is considered a firewall, hence my comments.
>
>>A business-grade firewall probably cannot be had for under $500-$600,
>>plus a UTM subscription.
>
> Which is why I said: "You may not get an enterprise confugration..."
>
>> To which D-Link product do you refer? Most of us would not rely upon
>> consumer-grade products in our own businesses, much less in those of our
>> clients.
>
> I don't know who the "us" is that you are referring to. But I run SBS 2003
> for my small business and this type of product suits my needs just fine.
> Also, I don't recall the OP discussing the needs of his "clients", as you
> make reference to.
>
> -Scott
>

> You also said, "That's entirely rubbish!" to Colin's comment. I am
> reasonably certain that Colin knows that a consumer router is also a
> "firewall" in some meaning of the term.

That's nice that you are "reasonably certain", but his statement is
contradictory to your interpretation of his meaning.

> The "us" to whom I refer is the 90% of people in this group who provide
> the support answers to users' and other techs' questions. Most of "us"
> would not use a consumer-grade firewall/router to protect our own
> networks, nor would we recommend one to our clients, which in turn
> prevents us from recommending one to an end user.

Well, I am part of "us" in that case and I'd challenge your 90% figure. As
I said, my 6 client business is running with a consumer router/firewall and
a software firewall. I believe that in context, a small operation like mine
is quite well off with this solution. Since the OP did not indicate in any
way what kind of network he is working on, dismissing my suggestion is
unwarranted.

> So, if the OP is a home user trying to protect his/her XP gaming computer,
> a consumer-grade product would be fine. However, he/she mentioned thinking
> about a SonicWALL or similar product to protect an SBS network, hence the
> recommendations.

As I said, I use SBS and my consumer hardware/software combination is
perfectly suitable.

> Personally, I would not recommend anything to someone that I would not be
> willing to use myself.

I wouldn't make a recommendation at all until I knew much more about what
the network was than has been provided. I also wouldn't dismiss a possible
solution for the same reason.

>
> Gregg Hill
>
>
>
>
>
>
> "Scott M." <s-> wrote in message
> news:...
>>> Please elaborate on what you consider to be a firewall. If you mean a
>>> simple NAT router with an SPI firewall, then yes, one can be had for
>>> under $200.
>>
>> Yes, this is considered a firewall, hence my comments.
>>
>>>A business-grade firewall probably cannot be had for under $500-$600,
>>>plus a UTM subscription.
>>
>> Which is why I said: "You may not get an enterprise confugration..."
>>
>>> To which D-Link product do you refer? Most of us would not rely upon
>>> consumer-grade products in our own businesses, much less in those of our
>>> clients.
>>
>> I don't know who the "us" is that you are referring to. But I run SBS
>> 2003 for my small business and this type of product suits my needs just
>> fine. Also, I don't recall the OP discussing the needs of his "clients",
>> as you make reference to.
>>
>> -Scott
>>
>
>

Scott,


"Scott M." <s-> wrote in message
news:ua%...
>> You also said, "That's entirely rubbish!" to Colin's comment. I am
>> reasonably certain that Colin knows that a consumer router is also a
>> "firewall" in some meaning of the term.
>
> That's nice that you are "reasonably certain", but his statement is
> contradictory to your interpretation of his meaning.
>

You are incorrect that Colin's statement is contradictory to my
understanding of its meaning. Why? Colin mentioned using the "...Cisco,
Watchguard and Netscreen/Juniper range of products." Anyone informed enough
to know that those products even exist is going to be well aware that a NAT
router provides BASIC firewall capability, and that most NAT routers sold
today also include SPI. I read his COMPLETE statement, not just the first
line, to make a judgment of his meaning. You apparently made your "That's
entirely rubbish!" comment in response to the first line of his comment.



>> The "us" to whom I refer is the 90% of people in this group who provide
>> the support answers to users' and other techs' questions. Most of "us"
>> would not use a consumer-grade firewall/router to protect our own
>> networks, nor would we recommend one to our clients, which in turn
>> prevents us from recommending one to an end user.
>
> Well, I am part of "us" in that case and I'd challenge your 90% figure.
> As I said, my 6 client business is running with a consumer router/firewall
> and a software firewall.


OK, I guessed low at 90%, since your recommendation to use consumer-grade
equipment is the ONLY one I have ever seen in many years of watching these
newsgroups. There may have been others, but I have not seen one yet. So, in
my observance of these newsgroups, the figure would be higher than 99% in
favor of business-grade equipment being recommended.




I believe that in context, a small operation like mine
> is quite well off with this solution. Since the OP did not indicate in
> any way what kind of network he is working on, dismissing my suggestion is
> unwarranted.
>

Wrong again, Scott. He did indicate that he was going to be using a business
operating system, not an XP workstation, and he mentioned that he is already
looking at SonicWALL products. When he mentioned using SBS and considering
SonicWALL, I immediately took that to mean it will be used for a business,
not a casual home user. In my professional opinion, ANY business using a
consumer-grade product to protect its data is taking a risk. If you choose
to risk your own personal data, that is one thing. To risk compromising a
business' data that may include confidential information on dozens of that
business' clients, is in my opinion, irresponsible to the business and to
that business' clients.


>> So, if the OP is a home user trying to protect his/her XP gaming
>> computer, a consumer-grade product would be fine. However, he/she
>> mentioned thinking about a SonicWALL or similar product to protect an SBS
>> network, hence the recommendations.
>
> As I said, I use SBS and my consumer hardware/software combination is
> perfectly suitable.
>

As I said above, if you choose to risk your own personal data, that is one
thing. To risk compromising a business' data that may include confidential
information on dozens of that business' clients, is in my opinion,
irresponsible to the business and to that business' clients. If your client
gets hacked and asks what you did to protect him, I doubt the client will be
satisfied with your answer.



>> Personally, I would not recommend anything to someone that I would not be
>> willing to use myself.
>
> I wouldn't make a recommendation at all until I knew much more about what
> the network was than has been provided. I also wouldn't dismiss a
> possible solution for the same reason.
>

The OP mentioned SBS and SonicWALL. Those are clues that it will be used in
a business. Again, to risk compromising a business' data that may include
confidential information on dozens of that business' clients, is in my
opinion, irresponsible to the business and to that business' clients.

Just as I would not recommend installing SBS on an XP workstation, I would
not recommend a firewall designed for home use to be used in a business,
which the original post did indeed indicate by mentioning SBS and SonicWALL.
Yes, SBS will install and run fine on a Pentium III workstation with one
hard drive, but I would neither recommend, sell, nor support it in that
configuration. To do so would be irresponsible, just as recommending a
consumer-grade "home use" product as a firewall in a business is, in my
opinion, irresponsible.

You choose to support your clients one way, I choose another. We each have
our reasons, and I somehow doubt that we will agree on any points, so after
your reply to this post, we should let this one die.

Gregg Hill




>>
>> Gregg Hill
>>
>>
>>
>>
>>
>>
>> "Scott M." <s-> wrote in message
>> news:...
>>>> Please elaborate on what you consider to be a firewall. If you mean a
>>>> simple NAT router with an SPI firewall, then yes, one can be had for
>>>> under $200.
>>>
>>> Yes, this is considered a firewall, hence my comments.
>>>
>>>>A business-grade firewall probably cannot be had for under $500-$600,
>>>>plus a UTM subscription.
>>>
>>> Which is why I said: "You may not get an enterprise confugration..."
>>>
>>>> To which D-Link product do you refer? Most of us would not rely upon
>>>> consumer-grade products in our own businesses, much less in those of
>>>> our clients.
>>>
>>> I don't know who the "us" is that you are referring to. But I run SBS
>>> 2003 for my small business and this type of product suits my needs just
>>> fine. Also, I don't recall the OP discussing the needs of his "clients",
>>> as you make reference to.
>>>
>>> -Scott
>>>
>>
>>
>
>

"Gregg Hill" <> wrote in message
news:...
> Scott,
>
>
> "Scott M." <s-> wrote in message
> news:ua%...
>>> You also said, "That's entirely rubbish!" to Colin's comment. I am
>>> reasonably certain that Colin knows that a consumer router is also a
>>> "firewall" in some meaning of the term.
>>
>> That's nice that you are "reasonably certain", but his statement is
>> contradictory to your interpretation of his meaning.
>>
>
> You are incorrect that Colin's statement is contradictory to my
> understanding of its meaning. Why? Colin mentioned using the "...Cisco,
> Watchguard and Netscreen/Juniper range of products." Anyone informed
> enough to know that those products even exist is going to be well aware
> that a NAT router provides BASIC firewall capability, and that most NAT
> routers sold today also include SPI. I read his COMPLETE statement, not
> just the first line, to make a judgment of his meaning. You apparently
> made your "That's entirely rubbish!" comment in response to the first line
> of his comment.

Yes, I did. I believe anyone who is that informed should make statements
that are correct. His first statement was not correct. There is no
disputing that.

>
>
>
>>> The "us" to whom I refer is the 90% of people in this group who provide
>>> the support answers to users' and other techs' questions. Most of "us"
>>> would not use a consumer-grade firewall/router to protect our own
>>> networks, nor would we recommend one to our clients, which in turn
>>> prevents us from recommending one to an end user.
>>
>> Well, I am part of "us" in that case and I'd challenge your 90% figure.
>> As I said, my 6 client business is running with a consumer
>> router/firewall and a software firewall.
>
>
> OK, I guessed low at 90%, since your recommendation to use consumer-grade
> equipment is the ONLY one I have ever seen in many years of watching these
> newsgroups. There may have been others, but I have not seen one yet. So,
> in my observance of these newsgroups, the figure would be higher than 99%
> in favor of business-grade equipment being recommended.

But, as you say, it's a guess. And, quite frankly the percentage doesn't
matter. One size does not fit all and each scenario should be judged on its
merits.

> I believe that in context, a small operation like mine
>> is quite well off with this solution. Since the OP did not indicate in
>> any way what kind of network he is working on, dismissing my suggestion
>> is unwarranted.
>>
>
> Wrong again, Scott. He did indicate that he was going to be using a
> business operating system, not an XP workstation, and he mentioned that he
> is already looking at SonicWALL products. When he mentioned using SBS and
> considering SonicWALL, I immediately took that to mean it will be used for
> a business, not a casual home user. In my professional opinion, ANY
> business using a consumer-grade product to protect its data is taking a
> risk. If you choose to risk your own personal data, that is one thing. To
> risk compromising a business' data that may include confidential
> information on dozens of that business' clients, is in my opinion,
> irresponsible to the business and to that business' clients.

No it's not wrong, and my point is becomming increasingly that you seem to
like to make blanket statements and inferences that are ill-informed. Your
assertion that ANY business using a consumer-grade product is taking a risk
is meaningless since ANY system plugged into the Internet is also taking a
risk. Risk is not absolute, there are degrees of risk (which is why we all
pay different rates for insurance, for example).

To properly assess a system's needs and risks, you must know much more than
has been provided in this thread. But you have made assumption after
assumption, inference after inference based on exteemely little knowlege of
the actual system. You've come across (I don't know if intentionally or
not) as very condecending, when it appears to me that you have technical
knowledge, but not very much practical business experience evaluating needs.
Or, you just feel that every problem requires a Fort Knox solution, which is
not the case.

>>> So, if the OP is a home user trying to protect his/her XP gaming
>>> computer, a consumer-grade product would be fine. However, he/she
>>> mentioned thinking about a SonicWALL or similar product to protect an
>>> SBS network, hence the recommendations.
>>
>> As I said, I use SBS and my consumer hardware/software combination is
>> perfectly suitable.
>>
>
> As I said above, if you choose to risk your own personal data, that is one
> thing. To risk compromising a business' data that may include confidential
> information on dozens of that business' clients, is in my opinion,
> irresponsible to the business and to that business' clients. If your
> client gets hacked and asks what you did to protect him, I doubt the
> client will be satisfied with your answer.

But, did anyone say that confidential information and dozens of business
client's data were at stake in this case? No. You've just made that
assumption without ever investigating the needs of the OP.

>>> Personally, I would not recommend anything to someone that I would not
>>> be willing to use myself.
>>
>> I wouldn't make a recommendation at all until I knew much more about what
>> the network was than has been provided. I also wouldn't dismiss a
>> possible solution for the same reason.
>>
>
> The OP mentioned SBS and SonicWALL. Those are clues that it will be used
> in a business. Again, to risk compromising a business' data that may
> include confidential information on dozens of that business' clients, is
> in my opinion, irresponsible to the business and to that business'
> clients.

My point is that a solution shouldn't be suggested OR DISMISSED based on
"clues". Find out what the needs are. Ask questions that give you real
workable answers.

> Just as I would not recommend installing SBS on an XP workstation, I would
> not recommend a firewall designed for home use to be used in a business,
> which the original post did indeed indicate by mentioning SBS and
> SonicWALL. Yes, SBS will install and run fine on a Pentium III workstation
> with one hard drive, but I would neither recommend, sell, nor support it
> in that configuration.

Great, but not a good analogy.

> To do so would be irresponsible, just as recommending a consumer-grade
> "home use" product as a firewall in a business is, in my opinion,
> irresponsible.

Well, now we come to it. It's your "opinion", and you are entitled to it.
But an opinion is not a fact. My opinion is that you haven't done enough
homework on this scenario to make any recommendations. Mom and pop, who run
a small business from home that don't have any confidential client data, no
web site, but do need email and multiple workstation support, and are on a
tight budget (as the OP said he was) may just well use SBS and my "opinion"
for them might include a good consumer grade hardware firewall in
conjunction with a software firewall. That's my opinion. You really can't
say I'm wrong about it.

On the other hand, the first statement I responded to (rubbish!) was not an
opinion, it was presented as a fact...and it is rubbish because it is not
true - many (if not most) consumer grade routers do, in fact, contain a
firewall. Your "assumption" that others would just know what the poster
meant by the rest of his statement is again, an opinion. As someone who has
also been an active member of these NG's for about a decade, I know that not
all who read these posts always put 2 and 2 together like you did. My reply
was for them and it was accurate.

> You choose to support your clients one way, I choose another. We each have
> our reasons, and I somehow doubt that we will agree on any points, so
> after your reply to this post, we should let this one die.

You haven't read anything I've said, because you are still talking about my
clients, when I've given you no reason to believe that I have ever made any
recommendations about firewalls to my clients. I've been talking about my
small business's setup, which does not have information relating to my
client's on it - that's the nature of my business. But you wouldn't know
that because you didn't take the time to investigate my setup either.
You've just gone ahead and said that my way is wrong without
knowing/identifying the needs of the network (which, by the way is the first
step in providing any kind of solution - identify the problem).

>
> Gregg Hill
>
>
>
>
>>>
>>> Gregg Hill
>>>
>>>
>>>
>>>
>>>
>>>
>>> "Scott M." <s-> wrote in message
>>> news:...
>>>>> Please elaborate on what you consider to be a firewall. If you mean a
>>>>> simple NAT router with an SPI firewall, then yes, one can be had for
>>>>> under $200.
>>>>
>>>> Yes, this is considered a firewall, hence my comments.
>>>>
>>>>>A business-grade firewall probably cannot be had for under $500-$600,
>>>>>plus a UTM subscription.
>>>>
>>>> Which is why I said: "You may not get an enterprise confugration..."
>>>>
>>>>> To which D-Link product do you refer? Most of us would not rely upon
>>>>> consumer-grade products in our own businesses, much less in those of
>>>>> our clients.
>>>>
>>>> I don't know who the "us" is that you are referring to. But I run SBS
>>>> 2003 for my small business and this type of product suits my needs just
>>>> fine. Also, I don't recall the OP discussing the needs of his
>>>> "clients", as you make reference to.
>>>>
>>>> -Scott
>>>>
>>>
>>>
>>
>>
>
>

In line!


"Scott M." <s-> wrote in message
news:...
>
> "Gregg Hill" <> wrote in message
> news:...
>> Scott,
>>
>>
>> "Scott M." <s-> wrote in message
>> news:ua%...
>>>> You also said, "That's entirely rubbish!" to Colin's comment. I am
>>>> reasonably certain that Colin knows that a consumer router is also a
>>>> "firewall" in some meaning of the term.
>>>
>>> That's nice that you are "reasonably certain", but his statement is
>>> contradictory to your interpretation of his meaning.
>>>
>>
>> You are incorrect that Colin's statement is contradictory to my
>> understanding of its meaning. Why? Colin mentioned using the "...Cisco,
>> Watchguard and Netscreen/Juniper range of products." Anyone informed
>> enough to know that those products even exist is going to be well aware
>> that a NAT router provides BASIC firewall capability, and that most NAT
>> routers sold today also include SPI. I read his COMPLETE statement, not
>> just the first line, to make a judgment of his meaning. You apparently
>> made your "That's entirely rubbish!" comment in response to the first
>> line of his comment.
>
> Yes, I did. I believe anyone who is that informed should make statements
> that are correct. His first statement was not correct. There is no
> disputing that.
>

Well, I took his entire comments into consideration, rather than micro-focus
on one sentence. You are **absolutely correct** in that the one sentence is
incorrect, but the gist of the whole post indicates that he knows that a
consumer-grade router has a firewall. Had you responded with a less
antagonistic reply to him, minus the "That's entirely rubbish!" comment, we
would not be discussing this point.





>>
>>
>>
>>>> The "us" to whom I refer is the 90% of people in this group who provide
>>>> the support answers to users' and other techs' questions. Most of "us"
>>>> would not use a consumer-grade firewall/router to protect our own
>>>> networks, nor would we recommend one to our clients, which in turn
>>>> prevents us from recommending one to an end user.
>>>
>>> Well, I am part of "us" in that case and I'd challenge your 90% figure.
>>> As I said, my 6 client business is running with a consumer
>>> router/firewall and a software firewall.
>>
>>
>> OK, I guessed low at 90%, since your recommendation to use consumer-grade
>> equipment is the ONLY one I have ever seen in many years of watching
>> these newsgroups. There may have been others, but I have not seen one
>> yet. So, in my observance of these newsgroups, the figure would be higher
>> than 99% in favor of business-grade equipment being recommended.
>
> But, as you say, it's a guess. And, quite frankly the percentage doesn't
> matter. One size does not fit all and each scenario should be judged on
> its merits.
>

Whether it is a guess or not, as you say, the percentage doesn't matter, so
why would you "challenge" the figure if it means so little to you? I was
just making the point that your recommendation is the first that **I** have
seen for a consumer-grade product. Perhaps I should have used the term "by
far the vast majority" instead of a guess at a percentage, but I did not
think anyone would actually try to analyze the exact percentage to see if I
got it right.




>> I believe that in context, a small operation like mine
>>> is quite well off with this solution. Since the OP did not indicate in
>>> any way what kind of network he is working on, dismissing my suggestion
>>> is unwarranted.
>>>
>>
>> Wrong again, Scott. He did indicate that he was going to be using a
>> business operating system, not an XP workstation, and he mentioned that
>> he is already looking at SonicWALL products. When he mentioned using SBS
>> and considering SonicWALL, I immediately took that to mean it will be
>> used for a business, not a casual home user. In my professional opinion,
>> ANY business using a consumer-grade product to protect its data is taking
>> a risk. If you choose to risk your own personal data, that is one thing.
>> To risk compromising a business' data that may include confidential
>> information on dozens of that business' clients, is in my opinion,
>> irresponsible to the business and to that business' clients.
>
> No it's not wrong, and my point is becoming increasingly that you seem to
> like to make blanket statements and inferences that are ill-informed.


You stated, "Since the OP did not indicate in any way what kind of network
he is working on...." That statement is indeed wrong, and my response to
that particular statement is not a "blanket" response. The mere mention of
SBS and SonicWALL indicate that this is NOT an end user trying to protect a
workstation, more probably a person trying to protect his business. No, I do
not have the precise facts of his EXACT needs (and neither do you), but as I
said before, the mention of SBS and SonicWALL **indicate** a business trying
to be protected.


> Your assertion that ANY business using a consumer-grade product is taking
> a risk is meaningless since ANY system plugged into the Internet is also
> taking a risk. Risk is not absolute, there are degrees of risk (which is
> why we all pay different rates for insurance, for example).
>

It is far from meaningless, Scott. Every business that I have encountered
has data on its clients. By far the vast majority of home user systems have
only that particular family's data to risk. It is precisely the degree of
risk that you mention and that I have addressed by recommending a
business-grade firewall to protect a business vs. a consumer-grade firewall
to protect a business. Businesses tend to have more critical data than a
home user, and data on more persons than a home user would have. Perhaps I
should have stated any BUSINESS, vs. any HOME USER, needs to protect itself
more. A typical home user has less risk than a typical business, period. It
is precisely that risk that was being addressed.





> To properly assess a system's needs and risks, you must know much more
> than has been provided in this thread. But you have made assumption after
> assumption, inference after inference based on exteemely little knowlege
> of the actual system. You've come across (I don't know if intentionally
> or not) as very condecending, when it appears to me that you have
> technical knowledge, but not very much practical business experience
> evaluating needs. Or, you just feel that every problem requires a Fort
> Knox solution, which is not the case.
>

You stated, "But you have made assumption after assumption, inference after
inference based on extremely little knowlege of the actual system." Scott,
you mentioned a consumer-grade firewall in response to his post. I mentioned
a business-grade firewall. BOTH of us have made assumptions as to the actual
need, and for some odd reason, you complain about my doing it, but you
slough off the fact that you did the same thing. Why am I bad but you are
good for doing the same thing? To address your Fort Knox comment, I do not
feel that all businesses require armed guards and vaults, but I sure would
hate to face a client when their system got hacked because I failed to take
proper steps to protect them. I would hate for my own data to be protected
by some other business that runs a consumer-grade firewall.




>>>> So, if the OP is a home user trying to protect his/her XP gaming
>>>> computer, a consumer-grade product would be fine. However, he/she
>>>> mentioned thinking about a SonicWALL or similar product to protect an
>>>> SBS network, hence the recommendations.
>>>
>>> As I said, I use SBS and my consumer hardware/software combination is
>>> perfectly suitable.
>>>
>>
>> As I said above, if you choose to risk your own personal data, that is
>> one thing. To risk compromising a business' data that may include
>> confidential information on dozens of that business' clients, is in my
>> opinion, irresponsible to the business and to that business' clients. If
>> your client gets hacked and asks what you did to protect him, I doubt the
>> client will be satisfied with your answer.
>
> But, did anyone say that confidential information and dozens of business
> client's data were at stake in this case? No. You've just made that
> assumption without ever investigating the needs of the OP.
>

Neither did I say that, Scott. I said, "...that may include confidential
information on dozens of that business' clients...." Notice the words "may
include" in that sentence. I did not say the OP had that scenario. I said
that **a** business MAY have that risk, not that HIS business DOES have that
risk. Here YOU assume without reading carefully what was stated.



>>>> Personally, I would not recommend anything to someone that I would not
>>>> be willing to use myself.
>>>
>>> I wouldn't make a recommendation at all until I knew much more about
>>> what the network was than has been provided. I also wouldn't dismiss a
>>> possible solution for the same reason.
>>>
>>
>> The OP mentioned SBS and SonicWALL. Those are clues that it will be used
>> in a business. Again, to risk compromising a business' data that may
>> include confidential information on dozens of that business' clients, is
>> in my opinion, irresponsible to the business and to that business'
>> clients.
>
> My point is that a solution shouldn't be suggested OR DISMISSED based on
> "clues". Find out what the needs are. Ask questions that give you real
> workable answers.
>

Again, I am the bad guy for doing EXACTLY what you did. We both made
recommendations based upon very little information, yet you ridicule me for
doing so. Nice double standard you have going there!




>> Just as I would not recommend installing SBS on an XP workstation, I
>> would not recommend a firewall designed for home use to be used in a
>> business, which the original post did indeed indicate by mentioning SBS
>> and SonicWALL. Yes, SBS will install and run fine on a Pentium III
>> workstation with one hard drive, but I would neither recommend, sell, nor
>> support it in that configuration.
>
> Great, but not a good analogy.
>

Actually, it is quite an accurate analogy. It points out that just because a
particular solution **will** work, it may not be the better solution. A VW
with two flat tires can be driven across country, but a Lincoln would be
nicer! You state that a consumer-grade firewall works just fine. I pointed
out a safer solution. Yes, your method will certainly work, but NOT as well
as a business-grade solution. I have an obligation to protect my
unsuspecting clients, hence I recommended a business-grade product.



>> To do so would be irresponsible, just as recommending a consumer-grade
>> "home use" product as a firewall in a business is, in my opinion,
>> irresponsible.
> Well, now we come to it. It's your "opinion", and you are entitled to it.
> But an opinion is not a fact. My opinion is that you haven't done enough
> homework on this scenario to make any recommendations.

Oh, I see. If I have an "opinion" it is a bad thing, but it is certainly OK
for you to have one? YOUR opinion is based upon YOUR own ASSUMPTIONS, just
as mine has been. Why is that OK for you but not for me? You made your
comment about consumer products without any more information than I had!



Mom and pop, who run
> a small business from home that don't have any confidential client data,
> no web site, but do need email and multiple workstation support, and are
> on a tight budget (as the OP said he was) may just well use SBS and my
> "opinion" for them might include a good consumer grade hardware firewall
> in conjunction with a software firewall. That's my opinion. You really
> can't say I'm wrong about it.
>

I see no mention by the OP of this mom and pop business about which you make
your assumption. I did not say your recommendation is wrong. I said that
"Most of us would not rely upon
consumer-grade products in our own businesses, much less in those of our
clients."


> On the other hand, the first statement I responded to (rubbish!) was not
> an opinion, it was presented as a fact...and it is rubbish because it is
> not true - many (if not most) consumer grade routers do, in fact, contain
> a firewall.

Actually, you ASSUMED that Colin's remark was a rock-solid fact stating that
there is no firewall of any kind in a consumer-grade router. Did he
explicitly say that? NO! You assumed he meant that and I assumed that he
knows better, after **reading his whole post.** The OP knows what a
SonicWALL is, and Colin's suggestion to look at the other products is valid.
Yes, if the OP stopped after reading the first sentence, there may have been
some confusion. Perhaps if the OP were to jump in here and clarify how he
interpreted the comment, we would understand better. Barring that, you are
assuming as well.






Your "assumption" that others would just know what the poster
> meant by the rest of his statement is again, an opinion. As someone who
> has also been an active member of these NG's for about a decade, I know
> that not all who read these posts always put 2 and 2 together like you
> did. My reply was for them and it was accurate.
>

Your reply was also an assumption. You also failed to respond to his whole
comment. Taken out of context in that way, yes, it could be confusing. Your
reply could simply have stated, "You may not get an enterprise
configuration, but you can certainly get a DLink or similar product with
integrated firewall." That would have been a lot less antagonistic.



>> You choose to support your clients one way, I choose another. We each
>> have our reasons, and I somehow doubt that we will agree on any points,
>> so after your reply to this post, we should let this one die.
>
> You haven't read anything I've said, because you are still talking about
> my clients, when I've given you no reason to believe that I have ever made
> any recommendations about firewalls to my clients. I've been talking
> about my small business's setup, which does not have information relating
> to my client's on it - that's the nature of my business. But you wouldn't
> know that because you didn't take the time to investigate my setup either.
> You've just gone ahead and said that my way is wrong without
> knowing/identifying the needs of the network (which, by the way is the
> first step in providing any kind of solution - identify the problem).
>





I have read everything you have said, including the "...my 6 client business
is running with a consumer router/firewall and a software firewall" comment.
Also, the "I wouldn't make a recommendation at all until I knew much
more...." comment IMPLIES that you do make recommendations, and you did make
a recommendation to the OP. Yes, you gave me PLENTY of reason to believe...I
just happened to believe incorrectly. OK, so I assumed that if you have
clients (or should I say "customers"? I tend to use the terms
interchangeably), then you probably also have data on those clients or
customers. I also assumed that since you referred to them as "clients" and
that you stated, "I wouldn't make a recommendation at all until I knew much
more....", then you provide them with support and recommendations. My bad!
My point was that business-grade product would protect those clients BETTER
than a consumer-grade product.


Gregg Hill






>>
>> Gregg Hill
>>
>>
>>
>>
>>>>
>>>> Gregg Hill
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> "Scott M." <s-> wrote in message
>>>> news:...
>>>>>> Please elaborate on what you consider to be a firewall. If you mean a
>>>>>> simple NAT router with an SPI firewall, then yes, one can be had for
>>>>>> under $200.
>>>>>
>>>>> Yes, this is considered a firewall, hence my comments.
>>>>>
>>>>>>A business-grade firewall probably cannot be had for under $500-$600,
>>>>>>plus a UTM subscription.
>>>>>
>>>>> Which is why I said: "You may not get an enterprise confugration..."
>>>>>
>>>>>> To which D-Link product do you refer? Most of us would not rely upon
>>>>>> consumer-grade products in our own businesses, much less in those of
>>>>>> our clients.
>>>>>
>>>>> I don't know who the "us" is that you are referring to. But I run SBS
>>>>> 2003 for my small business and this type of product suits my needs
>>>>> just fine. Also, I don't recall the OP discussing the needs of his
>>>>> "clients", as you make reference to.
>>>>>
>>>>> -Scott
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

> Well, I took his entire comments into consideration, rather than
> micro-focus on one sentence. You are **absolutely correct** in that the
> one sentence is incorrect, but the gist of the whole post indicates that
> he knows that a consumer-grade router has a firewall.

When you make a post in a forum that inexperienced and uninformed people
come to for guidance and you make a very clear and explicit statment:

"For $200 you are only going to get a consumer grade router, not a
firewall."

that is wrong, I am going to correct it for those that will read it and
believe it. Sorry if you have a problem with that. Others may not have the
insight that you have to fully understand the intention of the message.

> Whether it is a guess or not, as you say, the percentage doesn't matter,
> so why would you "challenge" the figure if it means so little to you?

Because I wanted to get you to realize that you are just making an
assumption based on no real facts or statistics.

> You stated, "Since the OP did not indicate in any way what kind of network
> he is working on...." That statement is indeed wrong, and my response to
> that particular statement is not a "blanket" response. The mere mention of
> SBS and SonicWALL indicate that this is NOT an end user trying to protect
> a workstation, more probably a person trying to protect his business.

But that is itself an incorrect assumption and why I used my scenario as an
example of why you can't and shouldn't make the assumption you did. The OP
also said he wanted something for $200.

> No, I do not have the precise facts of his EXACT needs (and neither do
> you),

My point exactly. Neither of us know enough to be making ANY
recommendations.

> but as I said before, the mention of SBS and SonicWALL **indicate** a
> business trying to be protected.

But as I said before (using my business as an example), the use of SBS
doesn't indicate the needs of the network and the mention of SonicWALL
doesn't either since the OP also mentioned a $200.00 price point.

> It is far from meaningless, Scott. Every business that I have encountered
> has data on its clients. By far the vast majority of home user systems
> have only that particular family's data to risk. It is precisely the
> degree of risk that you mention and that I have addressed by recommending
> a business-grade firewall to protect a business vs. a consumer-grade
> firewall to protect a business.

Again, you don't know enough to qualify the level of protection needed. In
my case, I'd much rather lose the documentation I use in my business than
the digital media library of my family's photos and videos.

You are again making blanket statements ("Every business that I have
encountered has data on its clients. By far the vast majority of home user
systems have only that particular family's data to risk."). Unless you know
what the data is, where it is stored, who is allowed access and what kind of
access is allowed, you can't say anything about a solution.

> Businesses tend to have more critical data than a home user, and data on
> more persons than a home user would have. Perhaps I should have stated any
> BUSINESS, vs. any HOME USER, needs to protect itself more. A typical home
> user has less risk than a typical business, period.

NO! NOT PERIOD!! More blanket statements here!!! You have no idea what
important documents and media "home users" have vs. "businesses" have, so
all you can do...all anyone can do without looking at the specific system is
make general assumptions and blanket statements. Why can't you just admit
that?

> You stated, "But you have made assumption after assumption, inference
> after inference based on extremely little knowlege of the actual system."
> Scott, you mentioned a consumer-grade firewall in response to his post. I
> mentioned a business-grade firewall. BOTH of us have made assumptions as
> to the actual need, and for some odd reason, you complain about my doing
> it, but you slough off the fact that you did the same thing. Why am I bad
> but you are good for doing the same thing?

I, in no way did the same thing. In fact, I have made absolutely NO
RECOMMENDATION WHATSOEVER to the OP. All I have done is point out that the
recommendation of others are not necessarially the best or only choice.

>> But, did anyone say that confidential information and dozens of business
>> client's data were at stake in this case? No. You've just made that
>> assumption without ever investigating the needs of the OP.
>>
>
> Neither did I say that, Scott. I said, "...that may include confidential
> information on dozens of that business' clients...." Notice the words "may
> include" in that sentence. I did not say the OP had that scenario. I said
> that **a** business MAY have that risk, not that HIS business DOES have
> that risk. Here YOU assume without reading carefully what was stated.

LOL!! Now, you are just helping me make my point. You've emphasized your
usage of the word "may" - - Thank you, because now we must entertain the
other possibility that it may "not" as well. And, if you can agree with
that, then you must also agree that you just don't know. And, if you just
don't know, then why are you making a recommendation on a specific solution?

> Again, I am the bad guy for doing EXACTLY what you did. We both made
> recommendations based upon very little information, yet you ridicule me
> for doing so. Nice double standard you have going there!

Again, I made NO RECOMMENDATIONS TO THE OP WHATSOEVER. All I've done is
provide an alternative possibility and suggest that no recommendations
should be made with such little information and I used my business as an
example of why doing that can result in an incorrect solution.

> Oh, I see. If I have an "opinion" it is a bad thing, but it is certainly
> OK for you to have one? YOUR opinion is based upon YOUR own ASSUMPTIONS,
> just as mine has been. Why is that OK for you but not for me? You made
> your comment about consumer products without any more information than I
> had!

[Third time now:] You've presented your opinion as fact and made a specific
recommendation as to what the correct solution should be. I've presented my
opinion as an opinion and made NO RECOMMENDATIONS as to what the
best/correct solution is or should be. These are not the same things.

> I see no mention by the OP of this mom and pop business about which you
> make your assumption.

I made no assumption about the OP's situation, I provided a hypothetical
scenario to show that, once again, you just don't know.

> I did not say your recommendation is wrong. I said that "Most of us would
> not rely upon consumer-grade products in our own businesses, much less in
> those of our clients."

I made no recommendation for you to say was wrong.

> Actually, you ASSUMED that Colin's remark was a rock-solid fact stating
> that there is no firewall of any kind in a consumer-grade router. Did he
> explicitly say that? NO!

True or False:

"For $200 you are only going to get a consumer grade router, not a firewall.
"

Enough said on that one. Any newbie reading that is going to get a pretty
clear indication (incorrectly) about where a firewall is and isn't going to
be found.

> You assumed he meant that

How could I not? He said it very clearly. Hmmm, let's try this...What do
you think I mean when I say: "I hate vegitables."?

> and I assumed that he knows better, after **reading his whole post.** The
> OP knows what a SonicWALL is, and Colin's suggestion to look at the other
> products is valid. Yes, if the OP stopped after reading the first
> sentence, there may have been some confusion. Perhaps if the OP were to
> jump in here and clarify how he interpreted the comment, we would
> understand better. Barring that, you are assuming as well.

The OP said so little in his post, for all we know, all he knows about
SonicWALL is that someone said it was good and go get one. Again, you and I
don't know squat about the OP (or others reading this thread), so accuracy
is paramount.


> Your reply was also an assumption.

Get real. There is no assumption when you object to someone saying 2 + 2 =
5.

> You also failed to respond to his whole comment.

Absolutley correct! And, for the reasons I have repeatedly indicated.

> Taken out of context in that way, yes, it could be confusing. Your reply
> could simply have stated, "You may not get an enterprise configuration,
> but you can certainly get a DLink or similar product with integrated
> firewall." That would have been a lot less antagonistic.

There's nothing antagonistic about calling someone out on a mis-statement
they've made.

> I have read everything you have said, including the "...my 6 client
> business is running with a consumer router/firewall and a software
> firewall" comment. Also, the "I wouldn't make a recommendation at all
> until I knew much more...." comment IMPLIES that you do make
> recommendations, and you did make a recommendation to the OP.

What recommendation? Where? No, you are mistaken. In fact, I haven't
responded to the OP at all in this thread. I have not said anywhere, he
should get this or that. Your repeated assertions to the contrary are
evidence that you aren't really interested in details very much.

> My point was that business-grade product would protect those clients
> BETTER than a consumer-grade product.

And my point is that looking at the hardware/software is only one part of
what a solution provider does in order to come to the point of making a
recommendation. Having multiple, redundant, load-balanced, raid configured
systems is always much BETTER for performance and reliability of a system,
but you don't recommend that to everyone because you must also take into
account:

purchase & maintenance costs
setup & maintenance time
available man-power
available skill-set
roi/tco

Yes, I do make recommendations to my clients. And, I do it AFTER I get my
hands on all the information I need to make a recommendation that means
something. To make a recommendation without this information is just as
reckless as unsecured data. This is MY POINT and what you have failed to
acknowledge.