ITwrx logo.
Services
Projects
About
Contact

Managed Firewalls

Why should you use a dedicated firewall machine to protect your LAN? The typical consumer approach to network security may be fine for some home users (probably not), but if you're running a business, or any other organization that has been entrusted with people's data, it is only responsible to take proper, commercial-grade measures to protect that data.

ISP and store-bought routers are not good enough.

These routers are optimized to reduce the router manufacturers' or their customers' expenses, not increase your security. They make it convenient for typical end users to get their internet or LAN/Wi-Fi working without having to call tech support, or for tech support to easily gain access to investigate an issue. Unfortunately for end users, they often configure services, or manage firmware and updates in such a way that creates a back door into the router, and therefore your LAN. These devices are not secure themselves, so how can they protect your infrastructure?

ITwrx firewall

Consumer-grade LAN clients are vulnerable.

Proprietary, consumer Operating Systems should not be exposed directly to the internet. Their focus is monetizing the user, not security or privacy. Ransomware has changed the landscape from annoying virus removal headaches to serious and costly outages caused by it encrypting data on any client computer on the LAN.

A real security-focused OS, configured and managed competently.

ITwrx installs, hand-configures and remotely-manages updates and any necessary configuration changes to OpenBSD or Alpine Linux on industrial computer-based, dedicated firewall machines, starting at 1 "Factory Hour" per month, after initial configuration and deployment.

Available/Possible Firewall Features

  • -- PF or nftables-based firewall, hand configured for your use case.
  • -- TLS-encrypted connection to upstream Malware-blocking DNS server, with DNS caching server for the LAN clients' DNS queries.
  • -- Domain blocking via DNS.
  • -- DHCP server and routing for the LAN
  • -- Wifi Access Point
  • -- Secure remote access to LAN clients via VPN, RDP, SSH, etc.
  • -- Secure or public access to intranet services, port forwarding, etc.
  • -- Hosting networked applications on the LAN side of the firewall, when a dedicated server machine is not necessary.
  • -- Probably other things we're forgetting.

If you have any questions about your use case feel free to let us know. Thanks!