Re: [fw-wiz] Firewalls Compared
From: Dave Piscitello (yodave_at_hargray.com)
Date: 06/21/04
- Previous message: Christopher Lee: "RE: [fw-wiz] Re: Firewalls Compared"
- In reply to: Paul D. Robertson: "Re: [fw-wiz] Firewalls Compared"
- Next in thread: Ryan M. Ferris: "Re: [fw-wiz] Firewalls Compared"
- Reply: Ryan M. Ferris: "Re: [fw-wiz] Firewalls Compared"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Paul D. Robertson" <paul@compuwar.net>, kashif <kashif@nci.com.pk> Date: Mon, 21 Jun 2004 16:02:00 -0400
Paul, good list (I'd love to have your permission to publish it at
LOOP.interop.com, with your attribution, of course). I would add:
11. What methods does the firewall provide to assist me in
asserting my security policy is enforced: specifically, are
the log entries generated sufficiently detailed?
12. Perhaps included in your thinking regarding upgrade path,
but authentication rather than performance-focused: does the
firewall support all present and projected auth methods; if
PKI, who's certs?
I'd also add related checks if you intend to use
an IPsec VPN for remote access
- origin of client SW (who wrote it),
- availability of non-Windows clients (if appropriate),
- reliability/track record of client SW vis-a-vis install across
different Win OS and hardware
- suitability of client for use with other firewalls (if multi-
organizational collaborative/B2B/B2C is something you must satisfy)
- client policy administration/enforcement method
I know this goes beyond "just a firewall" so if O/T ignore.
At 11:47 AM 6/21/2004 -0400, Paul D. Robertson wrote:
>1. How well do the boxes implement my proposed security policy.
>2. Do they pass testing for implementing my security policy.
>3. How do the boxes perform implementing my security policy[1.]
>4. What is my upgrade path should my performance requirements change?
>5. How well can the devices be administered by multiple levels of
> people if my security policy defines and requires such.
>6. Historically, how well has the vendor done.
>7. What does it take to make them fall over. If you can't make them fall
> over, you're not testing hard enough.
>8. How intuitive is my security policy when added to the systems.
>9. Failover/backup issues (test both.).
>10. License issues (how do they handle license failure, and how long
>does it take to recover.)
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Christopher Lee: "RE: [fw-wiz] Re: Firewalls Compared"
- In reply to: Paul D. Robertson: "Re: [fw-wiz] Firewalls Compared"
- Next in thread: Ryan M. Ferris: "Re: [fw-wiz] Firewalls Compared"
- Reply: Ryan M. Ferris: "Re: [fw-wiz] Firewalls Compared"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
