RE: What firewall?

From: Nicko Demeter (nicko@siterra.com)
Date: 11/14/01


Subject: RE: What firewall?
Date: Wed, 14 Nov 2001 11:22:17 -0800
Message-ID: <512CB547BE60CD47A75A5A969E10FE10027FC0@mail.internal.siterra.com>
From: "Nicko Demeter" <nicko@siterra.com>
To: "Gordon McKinnon" <gordon.mckinnon@medexact.com>, <martin@jonkoping.org>, <security-basics@securityfocus.com>

I completely disagree with that statement. It is my experience that a
firewall is as secure as its underlying OS and hardware. Meaning that
a) your firewall is as secure as NT is (riiiiiiight) and b) I really do
not appreciate getting called at 3 in the morning because the hard drive
of the firewall failed.

I personally am a strong advocate of the Netscreen firewalls
(www.netscreen.com). Closed-source OS and no movable hardware. I do
agree however that your firewall better have a console port and a
command interface for when all else fails (which Netscreen has anyways).

Nicko

-----Original Message-----
From: Gordon McKinnon [mailto:gordon.mckinnon@medexact.com]
Sent: Tuesday, November 13, 2001 11:11 AM
To: martin@jonkoping.org; security-basics@securityfocus.com
Subject: Re: What firewall?

I would strongly recommend getting a firewall that runs on a box you can
log into. We have a WatchGuard Firebox, and it works, but it is hard to
troubleshoot problems (look at the logs and hope the linux syslog
messages made it through etc.). We had a hardware issue with it, and, as
we could not get a command prompt or open the box, it took a while to
convince them to replace it (the replacement has been up for three
months, no downtime).

I would recommend a software firewall running on Unix or PC hardware,
and linux or unix software (NT/2000 is a viable alternative, but I'd
have more confidence in the lin/unix solution reaching years of
continuous uptime). Troubleshooting a system where you can access the
O/S is much easier (and you can configure the important parts read only,
as on the WatchGuard boxes, if you need the security), and you get a lot
more options for configuration (at least if you use a firewall with lots
of features e.g. CheckPoint).

Gordon

-----Original Message-----
From: martin@jonkoping.org <martin@jonkoping.org>
To: security-basics@securityfocus.com <security-basics@securityfocus.com>
Date: Tuesday, November 13, 2001 12:44 PM
Subject: What firewall?

>
>Hi!
>
> I'm about to buy a firewall, and I wonder if you people could give me
> some advice that could help me decide which one fits me best. See,
> I'm quite new with this.
>
> So, this firewall should protect a quite big serverpark. It has to
> deal with a lot of information. It might be necessary to use two
> devices. If it is, the information will be divided upon these two with
> a load balancer. No special needs for VPN.
>
> I've been thinking about using Watchguard Firewall 2500 or 4500. I
> know that 4500 handles VPN though.
>
> Is this a good choice? Are there sites on the net where products are
> compared and where you could see the good and the bad of each one?
>
>Thanks / Martin Andersson
>


