[fw-wiz] FirePass questions
From: john.smith@minolta-qms.com
Date: 02/14/03
To: firewall-wizards@honor.icsalabs.com
From: john.smith@minolta-qms.com
Date: Fri, 14 Feb 2003 10:37:46 -0600
Greetings Everyone,
I've searched through the 2002 and 2003 Bugtraq, Firewall Wizards and VPN lists and not come up with anything.
A group within our company is looking at the FirePass appliance (www.uroam.com). The appliance appears to work by punching a hole through your firewall and offers a whole range of services.
My opinion is that this is a *very* bad thing:
a) The group wants connectivity from a large enough number of locations that filtering would be next to impossible, if not impossible, therefore we would have to allow access to it from the whole world.
b) We would eliminate the firewall from the security equation.
c) We would be depending on the security of the appliance to protect the corporation, and it is designed to *grant* access, not prevent or deny it.
My questions:
1) Does anyone have any experience with the FirePass?
2) Is there a way to securely offer access to this box?
3) Am I totally off base in my above assumptions and my analysis of the appliance?
Chances are I will be required to install this box. In this case the middle ground I am shooting for is only granting access to the box via VPN (even though they are eliminating 'traditional' VPN from the picture according to their literature). We already use VPN, so to me only allowing external access through the VPN is a trade-off - our security stance is no worse than it was before.
Thanks for all your help.
js
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards