RE: product reviews

From: Gregory_DeGennaro@csaa.com
Date: 08/07/01


Message-ID: <97E963187BE1D211AF210008C7916094062C8765@EXCHMO03>
From: Gregory_DeGennaro@csaa.com
To: simon@derision.net, focus-ids@securityfocus.com
Subject: RE: product reviews
Date: Tue, 7 Aug 2001 10:03:41 -0700 

Simon,

Big Budget recommendations:

Firewall - PIX or Firewall-1 - make sure to monitor this continuously and
update when a patch or update is released. Just like reporting a crime to
the police, the sooner you block a hacker the better.

IDS - ISS's product (http://www.iss.net/)

Small Budget - OpenBSD, not Linux, and IPF filtering. Read up on OpenBSD at
www.openbsd.org. Plus, port mapping or IPnat.

IDS - snort is good with continuous monitoring and updating of the ruleset
or binary.

It really all depends on how much administering, knowledge, and the
enterprise's needs.

I use OpenBSD with snort at home and I block everything. Not even nmap can
penetrate my Firewall. I look dead to them. However, everything is done by
command line. In the future I am going to add routers for extra defense.

I would make sure that you have a DMZ and an internal LAN.

I am sure that you will be flooded by replies. Take the best of each reply
and you will have an awesome security system.

Looking back on your email, I would say that MS ISA or www.surfcontrol.com
product would be good, plus Firewall-1 or PIX, and ISS's product for the
technical level of your staff. They all use GUI interfaces and are easier
to manage. For the firewall, PIX and FW-1 may still be too complicated; you
may have to go with Sonicwall (www.sonicwall.com) as an option.

Greg

-----Original Message-----
From: Simon [mailto:simon@derision.net]
Sent: Tuesday, August 07, 2001 9:29 AM
To: focus-ids@securityfocus.com
Subject: product reviews

Dear Focus-IDS folks,

I'm managing the deployment of a new business onto the web, and reviewing a
number of options for perimeter security - firewalls and IDS boxes, and
looking for experiences and thoughts from people on the best alternatives to
deploy.

The general requirement is:
 * SME not enterprise business size (and budget)
 * strong protection of commercial site
 * simple configuration (not H.A or clustering)
 * low-technical background of support staff
 * centralised management and reporting
 * low number of physical boxes to go into co-location hosting
 * bandwidth usage should be relatively low (1mb max traffic)
 * 10 I.P addresses / devices to protect.
 * Quick to deploy (go-live is in 4 weeks)
 * Green-field site - nothing in place at the moment so free hand in
technology choices
 * Environment is mixed Windows 2000 and Linux (slackware or Red Hat) = no
platform constraints

Initial candidates are:

Firewall
=====
Cisco PIX 515-R
Intrusion.com PDS5100 (Check Point FW-1 in a box)
Watchguard firebox
Check Point FW-1 NG on 1U rack server
Microsoft ISA 2000/Win2k
Linux & IPTables

IDS
==
Snort & Linux
Check Point RealSecure 5
Cisco IDS software
Intrusion.com SecureNet PDS5000

Any others you feel I've missed?

I'd appreciate any comments (polite!) or feedback on selection, pointers to
reviews, product suitability, ongoing ownership and manageability of any of
the products. Strictly no technology-holy-wars or ranting - I'm looking for
practical help please?

Thanks
Simon

Simon Plant, CISSP


