Hardware Firewall Question
Thread Starter
Registered User
Joined: Oct 2000
Posts: 10,134
Likes: 0
From: Baltimore
Hardware Firewall Question
My company's IP address is now black listed by CBL and Spamhaus 
I checked and realized some fool on our network had an infected computer. How would a hardware firewall prevent these spamming viruses? Or there is no such thing?
I checked and realized some fool on our network had an infected computer. How would a hardware firewall prevent these spamming viruses? Or there is no such thing?
Registered User
Joined: Jun 2001
Posts: 6,792
Likes: 4
It depends.
The simple answer is yes and no.
A firewall will "hide" your internal network from external queries -- so the script kiddies who scan IP blocks won't find any vulnerable machines. This is of course supposing you set up the firewall correctly and don't do anything stupid.
On the other hand, your machines can still become infected if a stupid user executes something bad, aka a trojan.
The best approach is to tier your protection. Start with a firewall, a Cisco Pix 515 etc (or even a cheapy Linksys SOHO 80 dollar job), and add some manner of virus scanning to your inbound email system. If you use sendmail or qmail there are a lot of nice free options out there, if you use Exchange you can buy a few decent packages.
Follow up with a virus scanner on each computer within your network to stop anyone from bringing stuff in from the outside on memory sticks, CD's, Zips etc.
I get scanned on average 4 times an hour -- and recently watched as a fresh 2003 server machine was up for less than 4 hours outside of the firewall before being owned.
If you want help or more detail hit me up via PM, I will be glad to talk you through what I would do in your shoes.
The simple answer is yes and no.
A firewall will "hide" your internal network from external queries -- so the script kiddies who scan IP blocks won't find any vulnerable machines. This is of course supposing you set up the firewall correctly and don't do anything stupid.
On the other hand, your machines can still become infected if a stupid user executes something bad, aka a trojan.
The best approach is to tier your protection. Start with a firewall, a Cisco Pix 515 etc (or even a cheapy Linksys SOHO 80 dollar job), and add some manner of virus scanning to your inbound email system. If you use sendmail or qmail there are a lot of nice free options out there, if you use Exchange you can buy a few decent packages.
Follow up with a virus scanner on each computer within your network to stop anyone from bringing stuff in from the outside on memory sticks, CD's, Zips etc.
I get scanned on average 4 times an hour -- and recently watched as a fresh 2003 server machine was up for less than 4 hours outside of the firewall before being owned.
If you want help or more detail hit me up via PM, I will be glad to talk you through what I would do in your shoes.
Registered User
Joined: Feb 2003
Posts: 4,472
Likes: 0
From: Sydney
From what I know about spamhouse, a firewall will not help you any.
Spamhouse blacklists IP addresses and that means that is your mail server that is blacklisted.
The only way I know is to have your mail server do header matching (matches the from bit to an internal emal address) on outgoing email. This will stop the spam a lot as most of the spamming viruses use random email addresses on the from address.
Registered User
Joined: Sep 2003
Posts: 3,802
Likes: 0
From: Los Angeles
Originally Posted by mingster,Jul 11 2004, 11:41 AM
How would a hardware firewall prevent these spamming viruses? Or there is no such thing?
Joined: Aug 2001
Posts: 17,792
Likes: 4
From: Bay Area, California
Originally Posted by flitcroft,Jul 11 2004, 04:04 PM
Very easily. You just block outgoin port 25 from all client machines. The only machine that needs to send outgoing email is your mail server. If the infected hosts are blocked at the firewall they won't be able to spam.
Thread
Thread Starter
Forum
Replies
Last Post