Help buy hardware box for XG not vulnerable to Meltdown and Spectre

Hi,

I will start using Sophos Firewall XG in a small office with just 4 computers and that has a fiber internet WAN speed of 200MB Down / 100MB UP.

So I need to buy a hardware box / mini pc to install Firewall XG. I really don't want to spend more than $250 (the cheaper the better) and because I live in Europe, the item must be available to buy in Europe so I don't have to pay import tax fees.

Very important is to choose an item with a CPU not vulnerable to the recent Meltdown and Spectre security vulnerabilities.

Can anyone please share some advice?

I would really appreciate it. Thanks!



  • Hi,

    I think you are budgeting a bit too low. All current devices are likely to be susceptible to the issues. I have patched the BIOS on my home unit with a BIOS update that, according to the MB manufacturer, is using fixes supplied by Intel.

    I think you need to learn more about the vulnerabilities and firewall security because to exploit the vulnerabilities you need to be logged on to the box to run software and if the bad user is logged on then your security is already stuffed.

    Most boxes you are looking at will be around $400 in Europe.

    Ian

  • Hi,

    Thanks for the advice. So just to be clear, even if a model is vulnerable to both Spectre and Meltdown, the only way a hacker can take advantage is if he has physical access to my firewall server or access to my internal LAN when they have the login details for the firewall server. It's not possible for a hacker to take advantage by remote access?

    In terms of budget if really needed I will spend more. What models do you suggest in the range of $400 to 600?

    Thanks 

  • Hi,

    Your PCs are more vulnerable than your firewall. But, by the time you are ready to install XG there should be BIOS patches and a new release of XG.

    Everyone has been complaining about the potential performance hit when the fixes are applied. My CPU which is a bit of an overkill still sits around 1% and when excited goes to 4%. Probably not a good indicator though because my two ISP connections on a good day equal 8mb/s download total.

    Have a look at the following link, it is in BP

    https://www.pondesk.com/product/Intel-J1900-4-LAN-Network-Firewall-Router-NGFW-Mini-Server_MNHO-028.

    You will not need the wifi, recommend at least 4gb and 32-60gb of disk.

    Ian

    One thing though, you might be better off buying a small XG115 or similar (not the XG85) because even though it costs more you get all the functionality and support thrown in. By the time you buy your hardware then buy a licence with all features you will be about even.

    In Australia an XG115 with a 3 year licence will cost about $1500 which should be what you need unless you have a server you need to expose to the internet.

  • The model you suggested seems a good option. I will not need wifi. Do you know if the vendor already released the Meltdown and Spectre patch for it?

  • At this stage I am not aware of any patches for the hardware, but you would best take that up with your reseller.

    Also there is a note at the top of the forum on Sophos's activity with the bugs.

    Ian
