Re: [fw-wiz] Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
Robert A Beken wrote:
I have a question for the group about this new trend of using a single
firewall for all IDS and Firewall related tasks in an integrated box for
enterprise organizations (not SOHO). I personally think it's a bad idea
and lacks flexibility in configuration and "defense in depth" posture
towards security. What are other people's thoughts?

IMHO, single points of failure are /*NEVER*/ appropriate. In the part
of the world from which I come, we even use firewalls from two different
vendors on the internet-facing and the internal-facing sides of a
DMZ. On my home network I run two different firewalls, have two
different AV packages on each machine, HIDS and firewalls on each
machine, two different anti-adware and two different anti-spyware
packages on each of the Windoze boxes. No single vendor can ever cover
all the bases of any one "anti-", much less do it all . . . The idea of
using "an integrated solution" runs counter to everything we've been
doing in the "defense in depth" space . . .

FWIW.

/g

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards