Rube Bumpkin wrote:

>
>>
>> You should decide what feature you need for your network. Are you
>> going to need a DMZ for publicly accessed servers? Are you going to
>> need a FW capable of IPS functions and anti-virus? How many interfaces
>> will you need? Do you need VLAN capability? VPN?
>>
>> I have a personal bias for Secure Computing's Sidewinder appliances
>> because they are rock-solid (never been compromised) and have more
>> out-of-the-box capability than any other firewall I know of.
>>
>> http://www.securecomputing.com/index.cfm?skey=20
>>
>> The 210 is fairly inexpensive and can handle 150 clients.
>>
>> http://www.securecomputing.com/index.cfm?skey=1676
>>
>>

>
>Well it looks like I'm in way over my head, since I'm not sure how to
>answer your questions. I'm not even sure I understand them.
>
>I did look at the Sidewinder and it seems like overkill.
>
>- We're using a standard Cable connection to the internet, so we only
>need 3 to 5 MBits of throughput.


The maximum throughput of the firewall includes all interfaces and is
more an indication of the speed of processing packets than it is how
much bandwidth you have available. Then again, when you're working from
your internal network and accessing a DMZ, it's nice to have a 100Mb
connection to transfer files without affecting your other bandwidth
needs.

>- The teachers have laptops and they need to get to an internal database
>for grades and homework assignments, etc.


The Sidewinder comes equipped with built-in VPN, which would allow
ultra-secure access to your internal network (you can use passwords,
certificates, LDAP, and even software or hardware access tokens). Most
firewalls do not have this feature and you need an extra box for VPN.

>- We have 3 small websites that we'll want the world to get to.


You need a DMZ for any publicly available web sites. That is the only
secure way to go.

>- We currently use RAS and RDC for remote troubleshooting, and some file
>access.


Using VPN with RDC is a snap on the Sidewinder and much more secure
than using RAS. I've even seen people use RDC without VPN using
certificates and passwords for authentication, but I don't recommend
doing it that way.

>- We're looking at bringing our email in-house on a local Exchange server.


The Sidewinder comes with a secure, split mail transport (one
transport on the external side and one on the internal side to prevent
direct connection between external and internal services) that is
solid as a rock. The secure OS is based on BSD and uses sendmail. You
can also add virus-scanning of email (and web traffic) as well as an
anti-spam engine, although this would cost extra.

>- Our budget is small, and we're looking at getting some state and
>federal grant money to pay for whatever we buy.


The 210 would probably run around $1100, but I haven't priced them in
a while. You might even be able to get a special government discount.
If it helps, the US Government uses Sidewinders in its most secure
areas (DOD, NAS, etc.).

>How does this fit into your recommendations?
>
>RB


It fits very nicely. The only problem I could see is that you really
need someone who knows what they are doing to set up a firewall
properly. Even the most secure firewall can be bypassed if it is
configured improperly.