RE: [fw-wiz] RE: PIX vs Checkpoint vs Sonicwall vs Netscreen
From: manatworkyes moderator (devekboy@hotmail.com)
Date: 08/04/02
From: "manatworkyes moderator" <devekboy@hotmail.com> To: firewall-wizards@honor.icsalabs.com Date: Sun Aug 4 17:13:01 2002
Roger Marquis said:
>>WRT to comparisons, we've read a lot of generalities but not many
>>specifics. Is there a chart somewhere which lists the relevant
>>(read: non-marketing) features? In particular:
In my opinion, adding the "V" sign next to a list of so-called non-marketing
features will provide a false description. For example, let's examine some of
the points that you've mentioned:
SSH - is it version 1 or version 2? Is it possible to define a list of allowed
sources that can ssh to the system?
CLI - are all the options manageable through the CLI? What about log filtering
or reading?
HTTP - what type of httpd is the system using? Is it using an unpatched version
of Apache?
SYSLOG - How are logs transferred to the syslogd? What happens when the
syslogd is down? What types of DoS attacks is the syslog protected from?
TFTP - Is it truly secure (Ask CERT about it :-)
Configuration - where are RPC services? Where are high-level protocols like
SMTP / HTTP etc.?
I hope that I made myself clear.
DB
Manageability:
[] serial console?
[] telnet/cli interface?
[] ssh/cli interface?
[] http/gui interface?
[] java/gui interface?
[] syslog support?
[] configurable log verbosity?
[] snmp/v2/v3?
[] tftp backup & upgrade?
[] text-based configuration file?
[] multi-firewall management tools?
Configuration:
[] ip, tcp, udp, and icmp protocol type filtering?
[] port-range filtering?
[] application layer inspection (activex, javascript, flash, im, ...)?
[] separate ACLs for incoming and outgoing interfaces?
[] separate ACLs for all interfaces?
[] stateful filters?
[] NAT/PAT/... options?
[] tcp sequence validation?
[] IDS support?
Large Site:
[] high-bandwidth options?
[] failover?
[] load-balancing?
[] IPSec VPN support?
[] interoperable IPSec VPN support?
Support:
[] searchable online documentation?
[] newsgroup?
[] 24*7*365 support?
[] 2h phone & email support?
[] free and/or inexpensive OS upgrades?
Vendor Reliability:
[] reasonable pricing?
[] straightforward licensing?
[] history of profitability?
[] accounting irregularities?
[] VC funded?
[] long-term product support (unlike NA's pgp)?
[] history of vulnerabilities?
[] timely bug fixes?
...