Ask HN: Is it a good practice to use firewall hardware to secure an SMB network?

1 pointslaydn5y ago1 comments

We've been advised to 'increase' our network security by an IT consultant. He recommended that we install a firewall.

We have 8 users in an SMB setting. We do not have a dedicated IT person on staff, we manage everything ourselves. We haven't had any major security issues thus far.

After quick research, we settled on a FortiGate 40F firewall. Then we looked at the CVEs, and found this:

https://www.cvedetails.com/vulnerability-list/vendor_id-3080/Fortinet.html

Some of them are quite serious. I am not singling out Fortinet here; in fact, we found out that a lot of other vendors are in a similar situation.

We are now asking ourselves whether we will be in a worse situation from a security standpoint, because we will be installing a device, which, if compromised, may allow full access to our network. In other words, by installing a new critical piece of network security equipment, will we actually inadvertently increase our attack surface?

What are the best practices for SMB network hardening? I imagine every business needs different levels of security, but I feel like there should be documented or perhaps even standardized set of guidelines for different scenarios. There is ISO27001, but that does not come with specific recommendations.

Thanks!

1 comments

1 comments · 1 top-level

brudgers5y ago

You manage the network yourselves.

Can you manage a hardware firewall yourselves?

If not, it is a bad idea.

Good luck.

j / k navigate · click thread line to collapse