SIGforum.com Main Page The Lounge Wife may be working from home more often. Work requires a firewall.
Main Page The Lounge Wife may be working from home more often. Work requires a firewall.Go | New | Find | Notify | Tools | Reply | |
W07VH5 |
We told them we have a firewall built into the router but they'd rather we had an stand-alone, external firewall. I've seen them for anywhere from $60 to $7500  so I'm thinking $60 sounds nicer.  I have an always on backup server with Virtual Machine ability so I could add something like UFW to it but I am not knowledgeable in IT (although I had to do some of that work at the programming job I had 12 years ago) and this is kind of important due to the nature of the wife's work. Any suggestions for getting up and running with a good enough firewall that won't hurt the wallet too much? | ||
|
Mistake Not... |
Maybe I missed something. If your wife is working from home according to a company policy, why do you need to buy a firewall? Why doesn't the company buy a firewall that it wants it's employees to use? Even if your wife is optioning to work from home as an alternative to the office, why would the company have a non-standard firewall policy? ___________________________________________ Life Member NRA & Washington Arms Collectors Mistake not my current state of joshing gentle peevishness for the awesome and terrible majesty of the towering seas of ire that are themselves the milquetoast shallows fringing my vast oceans of wrath. Velocitas Incursio Vis - Gandhi | |||
|
| Thank you Very little  |
Agree with LS,, she should tell them ok and to send one to her and you'll install it, with IT's help. | |||
|
| W07VH5 |
I don't have answers for those questions. I can ask when she gets home. I think they asked those that were opting to work from home if they do have firewalls. It will greatly benefit everyone here if she's able to work from home so I'm willing to help. I don't think it's a requirement but it is highly suggested. I don't mind picking up a Ubiquiti firewall box for $100 and it would benefit the household, too. It can also be considered a business expense, right? | |||
|
Member |
It will do the same thing your router/firewall does. Ignore connection requests initiated from outside the FW. Unless the company plans on providing a FW ruleset that will allow connection requests from their FW, it's pointless. The company would be better off providing a vpn client if they're worried about it. Hedley Lamarr: Wait, wait, wait. I'm unarmed. Bart: Alright, we'll settle this like men, with our fists. Hedley Lamarr: Sorry, I just remembered . . . I am armed. | |||
|
| Thank you Very little |
If you are saying she's asking to work from home and corporate is saying a FW is required, as part of the conditions then maybe that's different. Still should ask if they have one in inventory she can use that they configure to meet their specs for security. I say that because you want no liability for any unauthorized access to be your fault for not having the proper setup/FW... At least have them send her the specs. | |||
|
eh-TEE-oh-clez |
That's weird. Windows has a firewall built in. Your router sounds like it also has a firewall. Anyway, because I believe a third party hardware firewall would be unnecessary/overkill, I would just buy the cheapest firewall from a reputable manufacturer to check the "I did my diligence" box. For example, the Trend Micro security firewall is $110, but needs a $59 a year subscription for definition updates. My Asus router has AiProtection Network Security powered by Trend Micro built in--which is literally what the above does--but is lifetime subscription free. If your wife's work is requiring you to throw $110 towards a "firewall", maybe she can convince them to let you throw that $110 towards a nicer router. A nice router should do everything a "firewall" does, plus it's the actual backbone of your network so a nice router could improve your connection speeds and give you better control over your internet traffic. | |||
|
| Mistake Not... |
The paying really isn't the issue I see. Working from home has lots of ancillary benefits and its okay to have some costs placed on the worker. BUT, if the company REALY NEEDS this firewall, apparently for security, I would really want to know what your liability is if the security they want you to provide at your expense proves insufficient down the road. ___________________________________________ Life Member NRA & Washington Arms Collectors Mistake not my current state of joshing gentle peevishness for the awesome and terrible majesty of the towering seas of ire that are themselves the milquetoast shallows fringing my vast oceans of wrath. Velocitas Incursio Vis - Gandhi | |||
|
| W07VH5 |
I believe they do have all their off-site connections through VPN. However, there is another part of the work that requires web searches and looking up codes. Maybe that's what they're concerned about. | |||
|
| W07VH5 |
It's an excellent point. Thank you. Yes, excellent point. Thanks! | |||
|
| W07VH5 |
That's what my router uses as well. | |||
|
I'm Fine |
My employer gave me a laptop with a VPN app installed. I use as needed in regular fashion and then turn on the VPN when I need to connect to the secure network stuff at work. It does slow down my connection some when it's on - so I don't leave it on all the time; just when I need it. ------------------ SBrooks | |||
|
| eh-TEE-oh-clez |
If it's just a "suggestion", then I would just roll with the AiProtection built into your router. I don't think a hardware firewall is going to provide any benefit, especially if it's not a managed firewall that's being managed by the company. Most companies, if they deploy mobile workstations or laptops to employees, would manage the VPN, anti-virus, and software firewall as part of a company wide security policy. CISCO AnyConnect is a popular suite of mobility security, for instance. Having individual employees buy hardware firewalls seems like a messy way to do it--simply having a firewall won't help if the individual employee allows malicious connections through unwittingly. A managed solution prevents that. If this is all in response to some policy document a lawyer drafted as a CYA, then I would just rely on the strict reading of the document and say that your firewall existing on your router is indeed a hardware firewall separate and apart from your computer and the computer's software firewalls. | |||
|
| W07VH5 |
Thanks. I'll get the details soon but that sounds like what is happening. A meeting that could have been an email occurred and someone needed to sound important, I think. | |||
|
| eh-TEE-oh-clez |
I'll bet your wife's data probably involves personally identifiable information. Lawyers and IT people everywhere have been cutting and pasting information security policies and data protection policies to get in compliance with the GDPR and the California Consumer Privacy Act all last year and the year before. Every data protection policy I've seen has some vague requirement that the organization will implement and apply "appropriate" technical and organizational measures to protect the PII, and then rattles off a list of things that seems prudent to have: firewalls, security monitoring, anti-virus, backup and recovery, and regular audits and penetration testing. I imagine this is where this is all coming from. "Hey, can we work from home?" "Sure, but IT has this security document we have to follow that was written long before the pandemic." | |||
|
Member |
If you really need an external firewall , I'd recommend either sophos , or pfsense. Both are free for home use , and you simple load them on an old pc or similar. Sophos is more utm , and does a lot of extra , although adsense can use add ins to also extend functionality. So if you have a spare pc this is cheapest , most robust option. You could also run either as a vm , assuming that machine has capacity . | |||
|
| Member |
If work requires a firewall, I'd expect IT from work to provide it and support it. As others have mentioned, providing a VPN connection is much more common. It might be good to contact work's IT group directly and see what they say. | |||
|
| W07VH5 |
Ah, pfsense is the name I was trying to remember. I do have VM capability. The requirement is we have something, the external one is a recommendation. The router is fine but I may just experiment with pfsense. | |||
|
| Powered by Social Strata |
 | Please Wait. Your request is being processed... |
|
SIGforum.com Main Page The Lounge Wife may be working from home more often. Work requires a firewall.
Main Page The Lounge Wife may be working from home more often. Work requires a firewall.© SIGforum 2024