Re: all-in-one vs one-on-each (feat. Comercial vs FOSS)

From: Alex <alex.tsr@xxxxxxxxx>
Date: Sun, 25 May 2008 12:50:54 +0300

-----Original Message-----
From: Ansgar -59cobalt- Wiechers <bugtraq@xxxxxxxxxxxxxxxx>
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: all-in-one vs one-on-each (feat. Comercial vs FOSS)
Date: Sat, 24 May 2008 17:38:12 +0200

On 2008-05-24 Alex wrote:

I would like some opinions, again.
For a fixed budget would you go for
* an all-in-one "Firewall" ( FW+IPS+VPN+...) ie. Checkpoint,
* a dedicated, known and expensive firewall/gateway with the company of
an Open Source solution for IPS, URL filtering etc?
* a full Open Source solution (iptables,snort,ossec,squid etc) and
spend the money elsewhere :)

The things that concern me are,

Redundancy. I can live without IPS for a while but not without Internet
( and by "I" I mean "The Company")
Scalability. Not only performance-wise but cost-wise too. I think that
having to pay for every "extra feature" is going to lead to Open Source
anyway...
Complexity. Better to manage one than more, right?...

The answer to your question depends heavily on the actual requirements,
your network topology, your admins' expertise, and what kind of "fixed
budget" you have.

Regards
Ansgar Wiechers

Lets say that,
the admins expertise is not a concern,
the network is a simple one, several internal vLANS and a DMZ with a
dual-ISP internet connection,
the budget is $10k

To make things clearer I'm not necessarily looking for the cheapest
solution. I want to know where would you put more weight (money). Is it
better to buy a $10k firewall + Snort, a $5k firewall + $5k IPS, a $10k
all-in-one solution.
i.e. would a commercial IPS justify its $5k against Snort?

Thanx again.

Follow-Ups:
- Re: all-in-one vs one-on-each (feat. Comercial vs FOSS)
  - From: Mike Hale

References:
- all-in-one vs one-on-each (feat. Comercial vs FOSS)
  - From: Alex
- Re: all-in-one vs one-on-each (feat. Comercial vs FOSS)
  - From: Ansgar -59cobalt- Wiechers

Prev by Date: Re: DSS (Passing an audit is NOT compliance!)
Next by Date: Re: DSS (Passing an audit is NOT compliance!)
Previous by thread: Re: all-in-one vs one-on-each (feat. Comercial vs FOSS)
Next by thread: Re: all-in-one vs one-on-each (feat. Comercial vs FOSS)
Index(es):
- Date
- Thread

Relevant Pages

Re: Secure WAN Setup (Possibly off topic?)
... > The budget for this setup is probably less than $5000 though thats ... If that budget includes costs for initial setup and first year for ... performance than the internet, the internet isn't really all that ...
(Security-Basics)
Re: they are staring between major, by way of generous, in support of mature jackets
... Otherwise the interior in Cyrus's budget might cross some casual rugs. ... Many Sybase database passwords, including SA passwords ... People working on their own businesses while within Salomon ... Internet to RadioMail's tr ...
(sci.crypt)
Re: Firewall input output on the same physical network - will this work!
... If budget is a concern, how about ditching netscreen and use a linux / bsd ... Not using 2 network cards is can be a little like leaving a door half open.. ... > system and connect all our 9 desktop PCs to the internet. ... > We will use NAT through a Netscreen 5-XP firewall. ...
(comp.security.firewalls)
Re: Gold
... Buy at 40cents on the dollar, and sell for 90cents on the ... a budget. ... Think of it as a long term savings plan. ... internet. ...
(misc.survivalism)
financial spreadshee
... I'm trying to create a 'check register' with budget worksheets where the ... CR entry of 1400.00 with an entry type of 'Fixed' would copy to the debit ... column of the 'Fixed Budget' page. ...
(microsoft.public.excel.worksheet.functions)