Buy a copy of RH 7.1 (linux) and load it up on one of your PCs.

It's easier to install than MS stuff and has several different firewall options/utilities.

And get a copy of Maximum Linux Security from Sams.

When you have a good comfort level with it, you can replace your existing MS stuff that you have to pay for :-)

Are you using remote access of some kind?Web Server? Email server? If not then you only need to use a NAT (Network Address Translation). A NAT is placed between your network and your ISP. Outsiders cannot get in. A linksys router for NAT is only $99 and very easy to configure. If you are using your own server as a web or email server then you should use a router than can perform port blocking and/or forwarding. Netopia's are relatively cheap and will do both and are fairly easy to configure. Netopia's will also handle VPN/WANs between offices or for remote access. Highest end is a cisco, prepare to pay for installation and configuration and hardware, but they are the best. I would not recommend a cisco for a 15 user network. For a 15 user network you only need to install a door and lock it, not pay for Fort Knox security. You need to audit user access to files and lockout user accounts after 3 failed login attempts.

NEVER EVER AGAIN THINK ABOUT GOING WITHOUT ANTIVIRUS PROTECTION!!!!

But who is going to pick out 15 user network using a NAT for Internet access for a DoS attack? Hackers do not just attack IPs at random.

Are you using remote access of some kind?Web Server? Email server?

We have an ISDN line and are served by a remote company. My understanding is that they don't have a firewall, as such, for us and I need to install something on site between the ISDN connection and our Novell server. Our individual computers are all protected by Command, but it is a constant maintenence problem to update it all of the time. Currently we scan once a week, but the viruses are proliferating at such speed (and some of my users are stupid about what they open) that I want something to stop this stuff before it ever gets to the server -- not wait to clean it up after it gets to our work stations.

I have been told that this product, Sonicwall, will automatically go out and search for viruses and updates itself. It also can be set to block porno sites from being accessed (although I don't think I need that here, you never can tell).

Thanks for the recommendation. I will pass it on to my consultant. Cost for the Sonicwall set up is around $1600.

A DoS attack is an attackers only option on a network behind a NAT. He could try to gain access to the NAT and change the config but it takes 5 minutes to fix and the password could easily make it not worth their while. A Firewall is overkill for this guys network.

Asking for your input. Please bump question to any other techies you know.

A Firewall is overkill for this guys network.

I'm not a guy, thank you, and I need all the protection I can get. If anything gets in and disrupts this network, my husband will have my head on a platter because I am the one who pushed to install it! LOL.

Asking for your input to this problem. Please bump this question to any other techies that you know.

A couple of things - I manage the Novell side of the house here and have tried just about all of the antiviral products. We're currently using Inoculan, and I'm not sure I'd recommend it - their ability to write NLMs isn't quite up to their ability to do the MS side of things. OTOH, we once had a very unusual problem with the Norton product - a manual scan on certain compressed Netware volumes changed the file modification dates to future dates, which is a problem, because they don't reset BACK upon access. That problem was cured in a subsequent release.

You NEED both a firewall and virus protection. Trust me on that one! One thing to watch out for on virus programs is scanning on read as well as write - this can interfere with the speed of tape backups in a very big way. We scan on write only. With scan-on-write and virus protection on the desktops (you need both pieces, as the desktops can pull the stuff in from email or the Web without the server lookinng at it) you're covered pretty well.

FReemail me if you like - we can swap SysAdmin horror stories. One of these days I'm gonna start a "I had this user who..." thread...

I would recommend FreeBSD over RH linux. RH can be made as secure, but it takes alot of tweaking. FreeBSD is more secure out of the box.

Never lose the Anti-virus. Users, not the network, bring in most of them, esp on Win98. Further, the firewall probably won't stop email worms.

I have not yet set one up but from looking over the specs I really like THIS UNIT. There are some solutions showing up now that cater to your situation and this looks to be one of them.

MM

You're anti-virus software should scan ALL email's and ALL attachments ALL the time, just scanning once a week is not good enough, if commander won't do that get Norton. All Files on workstations and servers should be scanned daily. Do not rely on a firewall for anti-virus protection, viruses may be sneaker-netted in via floppy or home burned cd's by careless employees. Also, Netopia has an ISDN router product that will prevent all external access to your network but allow you to surf out you can also use it for encrypted remote access to your network or for connecting the networks of two offices into an WAN if you wish to set it up that way (it's a VPN). Set a nasty password on it to keep the kids out. You are not a hacker target unless you just leave your door unlocked.

BorderManager does everything you need, with the exception of virus checking. Most Novell shops use Network Associates's McAfee - NetShield or Computer Associates's Cheyenne - Inoculate for their anti-virus software.

I am a network administrator. First of all, Windows 98 is just about as insecure and buggy as anything can be. The same goes for 95, and ME. If I was to come in and do the job for your company, I would first require Windows 2000 Professional (or Windows XP Professional). Next, I would migrate your data from Novell to a Windows 2000 server and install Active Directory. Firewalls: FireWall-1 - Check Point Software Technologies Raptor - AXENT Technologies PIX Firewall 520- Cisco Systems CyberGuard Corp. Firewall Guardian - NetGuard NetScreen-100 - NetScreen Technologies SecureZone - Secure Computing Corp. That should get you started. Seriously though, a firewall is a good place to start, but you really need to get rid of Windows 98. Windows 2000 is pretty damn user friendly, hardly EVER crashes, and is WAY more secure than 98. The bugs and problems in Windows 98 that haunt your daily life will be gone when you switch to 2000. Not to mention the fact that a good Active Directory domain and Windows 2000 clients in place of your Novell server setup will reduce your admin headaches by about 90% (IMO). If you have a bit of time to wait, and you are considering upgrading everyone to Windows 2000 Pro, wait for Windows XP Pro in a month or two. It's much more friendly than 2000, and the performance improvements over 2000 make it worth your while. These days you need to squeeze as much performance out of the machine as possible. If you aren't in a position to upgrade everyone to a new operating system, the firewall list above will put you on the path to security. You will get different answers depending on who you talk to, but this is my opinion. Good Luck!