Re: [fw-wiz] Firewalls Compared

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 06/21/04

  • Next message: Ben Nagy: "RE: [fw-wiz] OT: port knocking.. getting there"
    To: kashif <kashif@nci.com.pk>
    Date: Mon, 21 Jun 2004 11:47:08 -0400 (EDT)
    
    

    On Mon, 21 Jun 2004, kashif wrote:

    > Hi,
    >
    > I want to compare two firewall ( Technical Aspects ) only PIX Vs Checkpoint
    > has anybody done anything similar or could point out "what aspects" do we
    > need to compare.
    >
    >

    1. How well do the boxes implement my proposed security policy.
    2. Do they pass testing for implementing my security policy.
    3. How do the boxes perform implementing my security policy[1.]
    4. What is my upgrade path should my performance requirements change?
    5. How well can the devices be administered by multiple levels of
        people if my security policy defines and requires such.
    6. Historically, how well has the vendor done.
    7. What does it take to make them fall over. If you can't make them fall
        over, you're not testing hard enough.
    8. How intuitive is my security policy when added to the systems.
    9. Failover/backup issues (test both.).
    10. License issues (how do they handle license failure, and how long
    does it take to recover.)

    Paul
    [1.] I once missed the perfect chance for a rejoinder when a certain
    firewall developer said "I've written things which scale well with
    authentication, so I'm basing this on my experience." I should have
    replied "I tried to deploy your product with authentication on, and it
    scaled not one bit, so I'm questioning your information based on my
    experience."
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Ben Nagy: "RE: [fw-wiz] OT: port knocking.. getting there"

    Relevant Pages

    • Re: Domain Issues XP
      ... Not like I just added a few XP boxes to my LAN ... >Controller Security Policy and the Local Security Policy ... >domain controllers to see if it helps. ...
      (microsoft.public.win2000.networking)
    • Re: Domain Issues XP
      ... Controller Security Policy and the Local Security Policy on the domain controllers to ... as that can cause problems with XP boxes, and that the XP boxes are not requiring it ...
      (microsoft.public.win2000.networking)
    • Re: automating trust of assembly keys
      ... > Paul - ... there are managed APIs for changing security policy (look at ... >> internet zone as well as the intranet zone. ... >> Is there a straightforward way of doing this in an installation project ...
      (microsoft.public.dotnet.security)
    • Re: [fw-wiz] Botnets, IRC servers and firewalls?
      ... the security policy needs to relect the business need for connectivity. ... I've yet to see a business need for BotNet clients to run successfully;) ... Paul D. Robertson "My statements in this message are personal opinions ...
      (Firewall-Wizards)