Assistance with hardware specs please!!

I've been tasked to set up a small (6 max PCs) network at work for the sole purpose of providing an "Internet Cafe" style setup. It can't be a wireless network.

Now, I hold my hands up and freely admit I know nowt about networking hardware. I've been reliably informed that, once I get the cable broadband sorted out, and wired into our Technology Room, I will need:

- a firewall; connected to a
- a proxy server; connected to
- a network switch, which will in turn be connected to our computers via our in-house hardwired trunking.

We need the firewall to block access to sites deemed unsuitable for viewing at work (i.e. those that contain racist, homophobic, sexist, defamatory, offensive, illegal or otherwise inappropriate material). So we need to be able to obtain up-to-date lists of such sites to keep this material unavailable.

So, what do I need to buy? A friend has strongly suggested that our firewall should be purchased from Cisco, but other than that, I haven't got a clue which model, or to what specs it should be made or operate on.

Any and all help welcome. Please??!?
 
wickedy said:
We need the firewall to block access to sites deemed unsuitable for viewing at work (i.e. those that contain racist, homophobic, sexist, defamatory, offensive, illegal or otherwise inappropriate material). So we need to be able to obtain up-to-date lists of such sites to keep this material unavailable.

You don't use a firewall to do that. The firewall would provide NAT functionality so that all the computers would have Internet access and obviously it's a security measure too. If you got a decent proxy server, that combined with a content filtering setup would allow you to block sites per category. The only proxy servers I'm experienced with are Blue Coat units - something like an SG200 would do the job very well although it'd probably be overkill. I have no idea how much they cost, however.

A Cisco PIX of some sort would be all you'd need for the firewall. I'm more of a Juniper guy so I'll let someone else suggest a model.

To be honest, even that's probably a bit of an overkill for simple Internet access for a proxy server/6 PCs. If you're not going to be setting up any VPNs or doing anything else really then there's little point forking out a couple of hundred quid for a PIX/NetScreen/equivalent when a simple Netgear router would do the job.
 
Phemo.

Thanks for the quick response. I know it may seem like overkill but it's required by the organisation I work for and certainly for the work we do. It's not linked with our main network or the work we do, but it does need to be secure and safe, monitoring both incoming and outgoing traffic to a certain extent.

I forgot that the filters go onto the proxy server - shows how little I know on the subject. Also, what is "NAT functionality"?

Finally, what specifications should I be looking for on a firewall with my above business case in mind? Will any firewall do or are there certain functionalities I should be looking for?

Thanks again. Please feel free to jot down anything you consider to be of use or interest.

Ta
 
NAT is Network Address Translation. Without getting overly technical, this basically allows multiple devices to share one Internet IP address. It also provides a degree of security as a sort of 'side effect'.

You wouldn't need a particularly expensive firewall. On the Juniper side I would suggest a NetScreen 5GT - I've got one of these at home (from work). They're pretty good pieces of kit. Some of the Cisco bods may be able to suggest something more appropriate but it looks like a Cisco PIX 501 would do the job - this is near enough the Cisco equivalent to the NS 5GT. This provides 60Mbit of firewall throughput which should be more than enough.

I'm not too clued up with the pricing but I believe the NS 5GT is about £250 or thereabouts so that alone indicates there's a bit more to it than a standard home Netgear router :)

Both the PIX 501 and the 5GT have only 4 ports for the LAN so you'd need a switch of some sort. You wouldn't need a managed switch and you'll likely only need 7 ports (6 PCs + proxy server) so you wouldn't need a large switch either.
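
An added illustration of the NAT behaviour described in the post above (not part of the original thread, and not the configuration of a PIX or NetScreen): a small Python model of port-based NAT showing how several PCs share one public address, and why a packet nobody on the LAN asked for has nowhere to go. All addresses are constructed, and the strict per-destination matching is an assumption about how the device filters.

```python
# Minimal model of port-based NAT (NAPT). All addresses are constructed:
# 192.168.1.0/24 for the LAN, 203.0.113.10 as the single public address.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"


@dataclass
class Nat:
    next_port: int = 40000
    out_map: dict = field(default_factory=dict)  # (lan_ip, lan_port, dst_ip, dst_port) -> public port
    in_map: dict = field(default_factory=dict)   # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """Rewrite the source of a LAN packet; create a mapping on first use."""
        key = (lan_ip, lan_port, dst_ip, dst_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, dst_ip, dst_port)] = (lan_ip, lan_port)
            self.next_port += 1
        return (PUBLIC_IP, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, public_port):
        """Translate a reply back to the LAN host, or return None (drop)."""
        return self.in_map.get((public_port, src_ip, src_port))


def demo():
    nat = Nat()
    # Two PCs both use source port 50000 towards the same web server.
    a = nat.outbound("192.168.1.11", 50000, "198.51.100.5", 443)
    b = nat.outbound("192.168.1.12", 50000, "198.51.100.5", 443)
    reply_a = nat.inbound("198.51.100.5", 443, a[1])
    reply_b = nat.inbound("198.51.100.5", 443, b[1])
    # Unsolicited packet from a host nobody on the LAN contacted: no mapping, dropped.
    unsolicited = nat.inbound("192.0.2.99", 12345, a[1])
    return a, b, reply_a, reply_b, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The drop of the unsolicited packet is the "side effect" security: it falls out of the translation table having no entry, which is why a firewall policy and the proxy's content filtering are still separate jobs.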
 