Protecting our internal network

Tags: Cisco ASA, Firewalls, ISA 2003, Network firewalls, Network security, Snort, Untangle
Hi Network engineers/managers, I've been faced with a challenge on how to protect our internal network from threats outside with minimal cost, or none at all (at least for the software when using open source). Can anyone advise me what to use? I've searched about Cisco ASA, ISA 2003, Snort, Untangle, Sourcefire, and I know there are others out there that I don't know yet. Any ideas, folks? What is the best path?

Answer Wiki


Hardware firewalls are always my best choice and also the concept of a “quarantine” network could help you even more.
Try designing a multi-tier network with a dedicated segment of honeypots that should capture most of the malicious activities.

===============
Some decent open-source firewalls exist. Check out Smoothwall (http://www.smoothwall.org/) to get some ideas about what is out there. You do need more than just a firewall though. Anti-virus and anti-spyware are musts to ensure layered defenses are in place. Remember the “DENY ALL” rule should be in place by default and only open firewall ports for required services. Do not install unneeded or unused services on computers that are exposed. Be sure to regularly apply patches and do not forget to update a system after reinstalling the OS or restoring from backup.

In the IT trenches? So am I – read my IT-Trenches blog (http://itknowledgeexchange.techtarget.com/it-trenches)
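The "DENY ALL by default, open only required ports" advice above can be checked mechanically. This is an added example, not part of the original answer: it audits a ruleset in iptables-save format, and the sample ruleset and the REQUIRED allowlist are constructed assumptions.

```python
import re

# Constructed sample in iptables-save format (not from the thread).
SAMPLE_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3389 -j ACCEPT
-A INPUT -p udp -m multiport --dports 137,138 -j ACCEPT
COMMIT
"""
# Assumption: the only services this host must expose.
REQUIRED = {("tcp", 22), ("tcp", 443)}

POLICY_RE = re.compile(r"^:(\S+)\s+(\S+)")
PROTO_RE = re.compile(r"(?:^|\s)-p\s+(\S+)")
PORTS_RE = re.compile(r"--dports?\s+(\S+)")


def audit(ruleset, required=REQUIRED, chains=("INPUT", "FORWARD")):
    """Return findings: non-DROP default policies and ACCEPT rules outside the allowlist."""
    findings = []
    for line in ruleset.splitlines():
        line = line.strip()
        m = POLICY_RE.match(line)
        if m:  # chain policy line, e.g. ":INPUT DROP [0:0]"
            if m.group(1) in chains and m.group(2) != "DROP":
                findings.append(f"policy {m.group(1)} is {m.group(2)}, expected DROP")
            continue
        if not (line.startswith("-A ") and line.endswith("-j ACCEPT")):
            continue
        chain = line.split()[1]
        if chain not in chains:
            continue
        proto, ports = PROTO_RE.search(line), PORTS_RE.search(line)
        if not (proto and ports):
            # Loopback and established-connection rules are expected to lack a port.
            if "-i lo" not in line and "--ctstate" not in line:
                findings.append(f"{chain} accepts traffic with no port restriction")
            continue
        for spec in ports.group(1).split(","):
            lo, _, hi = spec.partition(":")  # "137:139" is a port range
            for port in range(int(lo), int(hi or lo) + 1):
                if (proto.group(1), port) not in required:
                    findings.append(f"{chain} accepts {proto.group(1)}/{port}, not required")
    return findings
```

Feed it the output of `iptables-save` from the firewall host and adjust REQUIRED to the services that host actually has to offer.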

Discuss This Question: 9  Replies

 
  • Augusta82
    I agree with labnuke99 that hardware firewalls are really the way to go. I was just part of a new firewall installation at my firm and we are extremely pleased with the results. We are using Nokia IP390 firewall appliances and I would highly recommend them.
  • Kevin Beaver
    Don't forget to lock down your hosts as well. All it takes for an outsider to get into your environment is a poorly-configured wireless AP, a missing patch on an exposed system that's exploitable via Metasploit, SQL injection on a Web site, or some other unprotected entry point (i.e. Windows Terminal Server or VPN with a weak password). You're going to have to find out where you're weak to really get things under control. The following article I've written may be of help to get started: Securing the Internal Windows Network. Also check here and here.
  • JuneC
    Thanks for the advice, guys. I have some more issues. 1. I really don't have a lot of budget right now; what would be the best open source firewall in your recommendation, and what would be its recommended platform/OS? 2. Assuming I have already set up my firewall and it's in place, how would I know which workstations or servers in my network had already been infected prior to my installation of a solid firewall? 3. Is it safe to just have a firewall or do I need to set up an IPS as well? If so, what is the best IPS (open source again) that would be available? 4. What about honeypots? All your advice is highly appreciated here. Thanks again.
  • Kevin Beaver
    There's so much here that we don't know such as your specific security requirements, the type of systems you're trying to protect, and so on that it's going to be tricky to specify a "best fit". Outside of iptables, I really don't come across too many open source firewalls. There are a lot of options - just Google "open source firewall". Ubuntu and OpenBSD might be good options for you. You could do an IPS and possibly a honeypot but, at this point, you might be best off focusing on the basics. Get your basic network and firewall configuration in place, let things settle down, and then start building it out. Knowing what's been infected will require you scanning your systems for malware and vulnerabilities. Do you suspect some foul play? Can you tell us more about your environment?
  • JuneC
    Thanks kevinbeaver for the advice. We're into Windows, totally, but I wanted to learn also LINUX coz I've heard a lot of good stuff from other IT managers about it. Yeah, I suspected some irregularities in our network. I think we've experienced DoS but the malware keeps on jumping to other PCs. I've caught one workstation that tried to suffocate the network and bring down the services; this led me to reformatting that system as the last resort to remove the malware. I think there are more kinds of attacks that have got into us but we have detected it yet. Any advice? Thanks.
  • Pressler2904
    You mention that your (financial) resources are limited, and that you'd like to learn Linux... I'm basically a PC / MAC desktop, Windows network guy, but there is one no- or low-cost item which you may find useful: Astaro Security Linux. This can be configured as a security "appliance" (ie: a standalone firewall) and is available both as a free download (community support only) and as a paid program/installation (with commercial support)...
  • Robert Stewart
    I realize your financial concerns, but the firewall is not where you want to skimp on money; forget the software firewall and go with the hardware firewall approach. As far as finding what is corrupted now, run virus scans and/or malware scans. The firewall can point you to the IP originating the packet request, but you would then have to know which IPs belong to which machines, again not easily done with DHCP set.
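Mapping a logged source IP to a machine under DHCP means joining firewall events against lease history by time. The following is an added example, not part of the original reply; the lease and event records, their tuple layout, and all addresses and hostnames are constructed for illustration.

```python
from datetime import datetime

# Constructed lease history: (ip, mac, hostname, lease start, lease end).
LEASES = [
    ("192.168.1.50", "00:11:22:33:44:55", "ACCT-PC01", "2009-03-02 08:00", "2009-03-02 16:00"),
    ("192.168.1.50", "00:11:22:33:44:66", "SALES-LT07", "2009-03-02 16:05", "2009-03-03 00:05"),
    ("192.168.1.51", "00:11:22:33:44:77", "HR-PC03", "2009-03-02 09:00", "2009-03-02 17:00"),
]

# Constructed firewall events: (timestamp, source ip, destination port).
EVENTS = [
    ("2009-03-02 10:15", "192.168.1.50", 445),
    ("2009-03-02 18:30", "192.168.1.50", 445),
    ("2009-03-02 18:31", "192.168.1.50", 445),
    ("2009-03-02 20:00", "192.168.1.99", 25),
]

FMT = "%Y-%m-%d %H:%M"


def parse(ts):
    return datetime.strptime(ts, FMT)


def holder_at(ip, when, leases=LEASES):
    """Return (mac, hostname) of the lease that covered `ip` at `when`, or None."""
    for lease_ip, mac, host, start, end in leases:
        if lease_ip == ip and parse(start) <= when < parse(end):
            return mac, host
    return None


def attribute(events=EVENTS, leases=LEASES):
    """Count events per machine, keyed by MAC so an IP reused by two hosts is not merged."""
    counts = {}
    for ts, ip, _port in events:
        # No covering lease: a static address or a gap in the lease records.
        key = holder_at(ip, parse(ts), leases) or ("unknown", ip)
        counts[key] = counts.get(key, 0) + 1
    return counts
```

In the sample, 192.168.1.50 belongs to two different machines on the same day, so only the timestamp join tells them apart.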
  • Kevin Beaver
    JuneC: I've had on my to-do list to add one more bit of info to this and I let it slip by so pardon my delayed response. You may want to consider getting a free vulnerability scan from a vendor such as Qualys or signing up with a consultant or vendor who provides a one-time or ongoing security vulnerability scan service like what I do. Using a reputable security scanning tool will give you a good idea of how the world sees your network and hosts, show you what's currently exploitable (and being exploited), and they can provide insight into what holes need to be plugged. It's not everything since additional manual analysis will often uncover other issues and can validate what the scanners find but these scans are WAY better than doing nothing at all. Best of luck!
  • JuneC
    Thanks for all the advice, guys. I'm glad there are people like you in the world.
