If this is your business, can you afford to lose some or all of it?
Can you afford to pay ransomware, if you get hit?
Many people seem to believe that the only reason to buy a hardware
firewall is for speed, when you have quite a lot of network traffic
and/or many devices on the network. That is not the only reason.
Layering and thoroughness also matter.
One of the first principles of security is to layer things.
Right now, you have mostly two layers: Your Windows firewall
and the Netgear router. The FVS-318 has pretty basic firewalling functionality:
From the manual:
https://www.downloads.netgear.com/files/FVS318v3_RM_11Jan2012.pdf
Unlike simple Internet sharing NAT firewalls, the FVS318v3 is a true firewall, using stateful
packet inspection to defend against hacker attacks. Its firewall features include:
• DoS protection.
Automatically detects and thwarts DoS attacks such as Ping of Death, SYN Flood, LAND
Attack, and IP Spoofing.
• Blocks unwanted traffic from the Internet to your LAN.
• Blocks access from your LAN to Internet locations or services that you specify as off-limits.
• Logs security incidents.
The FVS318v3 logs security events such as blocked incoming traffic, port scans, attacks, and
administrator logins. You can configure the firewall to email the log to you at specified
intervals. You can also configure the firewall to send immediate alert messages to your e-mail
address or email pager whenever a significant event occurs.
• With its content filtering feature, the FVS318v3 prevents objectionable content from reaching
your PCs. The firewall allows you to control access to Internet content by screening for
keywords within Web addresses. You can configure the firewall to log and report attempts to
access objectionable Internet sites.
Stateful packet inspection is good, and it's important. That means it
examines each packet individually for potentially malicious content.
However, the v. 5 of this manual (not v.1) is dated 2012. How many firmware
updates have you received for it since then? Based on that manual version,
I'm guessing this box became unsupported years ago. If I'm wrong,
please let me know. Unsupported means the manufacturer isn't providing updates for critical
vulnerabilities/hacking methods.
Generally, only more expensive gear gets updates for many years. Is this one
still getting regular updates?
Speaking of which, do you make backups of your existing configuration for it?
That generally only takes a few seconds, and can save a world of pain after an attack,
breach or questionable event. If not, I urge you to start doing so. The files are tiny,
so no need for much storage space.
Also, do you check the logs once in a while? Maybe you don't know how to
interpret them, but it is a good idea to learn a few basics so you can at
least make some educated guesses as to how safe you are.
I'll add one more thing: A newer device, depending on price, may also be able
to scan for malware and viruses, though that costs more (usually as a
subscription). But it's another layer of protection. When possible, you want to
have multiple layers of protection to rely on. It could be compromised.
True hardware firewalls also usually do much more sophisticated packet
inspection than software firewalls do. So, in short, there are a few advantages
to an up-to-date hardware firewall.
BTW, depending on how technical you want to get, a third option is to use
something like pfSense, which is available as a free download. It's very
powerful, and is used in many business environments. It runs on a lot of
typical Intel/AMD hardware as it's based on FreeBSD (similar to Linux)
under the hood.
That may be a level of complexity you don't want, but I just thought I'd give
you the option.
See bottom third of this page for free version:
https://www.pfsense.org/products/#requirements
Edited by Shplad, 12 August 2022 - 05:05 PM.