Re: [fw-wiz] OT: vendors please respond
From: Paul Robertson (proberts_at_patriot.net)
Date: 09/26/03
- Previous message: Sloane, David: "RE: [fw-wiz] snpp"
- In reply to: admin security Mehta: "[fw-wiz] OT: vendors please respond"
- Next in thread: Robert L. Wanamaker: "RE: [fw-wiz] OT: vendors please respond"
- Reply: Robert L. Wanamaker: "RE: [fw-wiz] OT: vendors please respond"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: admin security Mehta <mehta_kumar47@rediffmail.com> Date: Fri, 26 Sep 2003 12:10:13 -0400 (EDT)
On 26 Sep 2003, admin security Mehta wrote:
> Greetings all,
[Vendors can respond directly to the queryant, as can the legeons of
faithful for $freeware products. I'll entertain interesting threads for
the community on-list only.]
>
> My company is looking for security devices for its network of
> branches.
> I posted this mail here because I need experts choice.
> I was in doubt whether my earlier mail is posted or not so I
> subscribed for this mailing list to post my query.
I've seen somewhere north of 65 different commercial firewall products up
at ICSA Labs soaking up power. If there was a single firewall that was
the firewall of choice, the market wouldn't support more than about 4
products.
> We are looking into the following features:
> -stateful inspection firewall
Stateful inspection is a trademark, and limits you to two choices. You
need to start with a security policy and decide which technologies support
the protocols the business needs. Then choose the products that best
encapsulate those features.
> - support most used applications( ALGs)
Most ALGs don't spend their dev time well on state, and most stateful
firewalls dont' spend their dev time well on ALGs. You're basically
saying, "I'd like a vehicle capable of running in the GT race series, and
I'd like to have it seat 60 children on their way to school!"
Trying to pick a single product that does everything is doomed to
mediocrity at best. You want multiple products. More importantly, you
want to figure out what protocols you want to use which technologes for
and *why*.
You've got a shopping list of firewall buzzwords, and not much else.
That's a poor way to choose a firewall.
> - Powerful attack detection engine
This sounds like buzzworditis from a marketing brochure...
> - VPN
> a) IPSec/IKE
> b) L2TP over IPSec to use WIN XP VPN client
> c) LDAP,SCEP
> d) Hub and spoke support
You really want a VPN solution for VPN stuff if you have requirements to
support lots of different VPNs. Anything as complex as a VPN that's
supporting that many protocols is bound to be full of implementation
issues though, so don't think of it as part of the security
infrastructure!
> NOTE: My company prefers Indian based products.
Throwing geographic criteria on top of a laundry list of product criteria
is likely to doom you to failure.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Sloane, David: "RE: [fw-wiz] snpp"
- In reply to: admin security Mehta: "[fw-wiz] OT: vendors please respond"
- Next in thread: Robert L. Wanamaker: "RE: [fw-wiz] OT: vendors please respond"
- Reply: Robert L. Wanamaker: "RE: [fw-wiz] OT: vendors please respond"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
