On Tue, 27 Jun 2000 19:29:39 +0800, Don Balunos
<don(_dot_)balunos(_at_)neuronet(_dot_)com(_dot_)my> said:
now i'm out-sourcing a best firewall system for our company so can =
anyone help me on this.
First off, you didn't specify how "best" was defined. The "best" solution
will depend on a lot of things, including organization size, type of business,
connectivity required (both total bandwidth and number/types of ports/protocols
needed). I've seen very effective firewalls constructed out of an old PC
with a 386 chip, an ethernet card, and a 56K modem running KA9Q. I've seen
similar gear running Linux with 'ipchains' filtering. Both of those would
melt down in our routing swamp if forced to drink from our multiple OC12s.
Secondly, to paraphrase the breakfast cereal companies, "Firewalls are
a part of a *complete and balanced* security breakfast". Note that the
recent rash of Outlook e-mail based viruses had *no* problem penetrating
most firewalls, and a similar attack could easily install a back-channel
trojan that connects back to the attacker from within....
If your organization thinks that a firewall will "solve" any security problems,
they are in for a seriously rude awakening. If they're approaching it as
*one part* of an *overall* security scheme, that's a different story...
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
pgp0PwFAuReE3.pgp
Description: PGP signature