
Re: Firewall System

2000-06-27 22:40:03
However - as a start, look at both open source and "commercial" products - a
few names:

Checkpoint - huge user community plus industry support for more complete
solutions using OPSEC (not as "complete" as some others though).  Has the ability
to manage other infrastructure components (only filters) such as Cisco PIX,
routers etc.

Cisco - PIX Firewall - I personally don't recommend this firewall at present,
but it does have the Cisco product suite behind it, including NetRanger.

AXENT - A more complete security suite - Raptor Firewall, ESM compliance
monitor (host), NetRecon vulnerability analysis (network based) and intrusion
detection through IA, NetProwler.  Recently integrated "like" components
together.

In choosing, try to consider border protection (firewall), intrusion detection
(IDS) and policy compliance (compliance monitoring).  Then in the midst of
this come virus scanners / email scanners (at the border and internally) and
content security/filtering.  If you do not have a security policy, then this
should probably be your first step (for both the border and the internal network).

Remember that you must ensure that you have the skills to manage the security
components added.  It is useless to add them and just expect them to make you
"secure".  They will not.  IDS need tuning, policies need reviewing, processes
need creating, firewalls need monitoring, someone needs to know how to respond
to the Intrusion Detection alerts etc.

I suggest that perhaps (if you can afford it) you either outsource the work,
or call in a security solutions group (not necessarily a re-seller or
developer of tools).

Garreth J Jeremiah
IT Security Specialist

On Tue, 27 Jun 2000, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:

On Tue, 27 Jun 2000 19:29:39 +0800, Don Balunos 
<don(_dot_)balunos(_at_)neuronet(_dot_)com(_dot_)my>  said:
Now I'm outsourcing the best firewall system for our company, so can
anyone help me on this?

First off, you didn't specify how "best" was defined.  The "best" solution
will depend on a lot of things, including organization size, type of business,
connectivity required (both total bandwidth and number/types of ports/protocols
needed).  I've seen very effective firewalls constructed out of an old PC
with a 386 chip, an ethernet card, and a 56K modem running KA9Q.  I've seen
similar gear running Linux with 'ipchains' filtering.  Both of those would
melt down in our routing swamp if forced to drink from our multiple OC12s.

Secondly, to paraphrase the breakfast cereal companies, "Firewalls are
a part of a *complete and balanced* security breakfast".  Note that the
recent rash of Outlook e-mail based viruses had *no* problem penetrating
most firewalls, and a similar attack could easily install a back-channel
trojan that connects back to the attacker from within....

If your organization thinks that a firewall will "solve" any security problems,
they are in for a seriously rude awakening.  If they're approaching it as
*one part* of an *overall* security scheme, that's a different story...

-- 
                              Valdis Kletnieks
                              Operating Systems Analyst
                              Virginia Tech
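The back-channel trojan point above, as an added example (editor's code, not part of the thread or of any product it names): a small first-match packet-filter evaluator with ipchains-style semantics, run over two constructed rulesets. The addresses (10.0.0.0/8 inside; 192.0.2.0/24 and 198.51.100.0/24 standing in for the Internet), ports and flows are all constructed for illustration.

```python
"""Editor's added example, not code from the original thread.  A small
first-match packet-filter evaluator (ipchains-style semantics) used to
show the point made above: an inbound-only ruleset lets a trojan that
was delivered by e-mail connect *out* to its controller unhindered,
while an egress-filtered ruleset blocks it.  All addresses, ports and
flows are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Flow:
    """One connection attempt crossing the border firewall."""
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; default matches any source
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any destination port
    proto: Optional[str] = None  # None matches any protocol

    def matches(self, f: Flow) -> bool:
        return (ipaddress.ip_address(f.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(f.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == f.dport)
                and (self.proto is None or self.proto == f.proto))


def evaluate(rules: List[Rule], f: Flow, policy: str = "deny") -> str:
    """First matching rule decides; the chain policy applies otherwise."""
    for r in rules:
        if r.matches(f):
            return r.action
    return policy


# Ruleset A (constructed): guards against inbound connections only.
# Anything that originates inside is trusted and allowed out.
INBOUND_ONLY = [
    Rule("accept", src="10.0.0.0/8"),                # everything from inside
    Rule("accept", dst="10.0.0.10/32", dport=25),    # inbound mail to relay
    Rule("accept", dst="10.0.0.20/32", dport=80),    # public web server
]

# Ruleset B (constructed): the same inbound rules plus egress filtering.
# Only the mail relay, web proxy and resolver may initiate connections out.
EGRESS_FILTERED = [
    Rule("accept", src="10.0.0.10/32", dport=25),               # relay -> SMTP
    Rule("accept", src="10.0.0.30/32", dport=80),               # proxy -> web
    Rule("accept", src="10.0.0.30/32", dport=443),
    Rule("accept", src="10.0.0.40/32", dport=53, proto="udp"),  # resolver -> DNS
    Rule("deny",   src="10.0.0.0/8"),                           # any other host going out
    Rule("accept", dst="10.0.0.10/32", dport=25),
    Rule("accept", dst="10.0.0.20/32", dport=80),
]

# Constructed border traffic.
INBOUND_PROBE = Flow("192.0.2.7", "10.0.0.50", 139)     # scan from outside
RELAY_OUT     = Flow("10.0.0.10", "198.51.100.5", 25)   # legitimate outbound mail
BACK_CHANNEL  = Flow("10.0.0.50", "192.0.2.7", 6667)    # desktop trojan phoning home


def compare(f: Flow) -> dict:
    """Verdict for one flow under both rulesets."""
    return {"inbound_only": evaluate(INBOUND_ONLY, f),
            "egress_filtered": evaluate(EGRESS_FILTERED, f)}


if __name__ == "__main__":
    for name, flow in (("inbound probe", INBOUND_PROBE),
                       ("relay outbound mail", RELAY_OUT),
                       ("trojan back-channel", BACK_CHANNEL)):
        print(f"{name:20} {flow.src} -> {flow.dst}:{flow.dport}  {compare(flow)}")
```

Both rulesets stop the inbound probe and pass the relay's outbound mail; only the egress-filtered one denies the desktop's connection back out to the controller. Egress filtering raises the bar rather than removing the problem: a trojan that tunnels through the permitted proxy path on port 80 still gets out, which is why the firewall is one part of the scheme rather than the solution.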


