Re: firewall help
From: Daniel G. Epstein (depstein@uchicago.edu)
Date: 02/21/02
From: "Daniel G. Epstein" <depstein@uchicago.edu> Date: Thu, 21 Feb 2002 16:27:12 GMT
HITMAN <windows2000server@os.dk> wrote:
> Holly Mooney wrote:
>> I just came into a situation where I have a 4.0 standalone server with
>> 3 workstations connected to a DSL. Would zone alarm work with this or
>> should I look at the "big" companies such as symantec or mcafee?
>>
> You must have a real firewall, and I will recommend the following.
>
> 1. Cisco 501 (hardware firewall and price about 800$ in Denmark)
> 2. Raptor (Software firewall about 1000$ in Denmark)
> 3. Sonic (hardware firewall and price about 700$ in Denmark)
>
> The personal firewall is not safe but only for personal use.

Hey HITMAN,

I'm not sure I agree. While it is true that, when properly managed, a
dedicated firewall will provide better reliability and superior
protection, a four host site without high security needs may not
warrant (or be able to afford) such a device. For that matter, even
with a dedicated firewall, I still think that host-based packet
filtering on the machines behind it is a good idea, and neither is a
substitute for proper system patching and management. Ideally, your
systems should be configured such that a firewall is unnecessary
(obviously this is seldom possible, esp. with Windows).

M. Mooney, I think that you should take a look at the options available
and see which best suits your environment. You need to consider issues
like:

o The amount of bandwidth you are protecting and its average utilization.
o Whether you want to use some sort of VPN between these machines or
  with remote sites.
o What level of vendor support you require.
o Ease of monitoring, log analysis, and administration.
o How secure/stable your environment needs to be vs. the cost you can
  put into the project.

Personally, of the Windows host-based packet filtering packages I have
played with, I like Tiny Personal Firewall from www.tinysoftware.com.
It has some decent options for Windows-specific networking while
allowing you to have better control over the rule-sets than ZoneAlarm.
I am not a big fan of Symantec's or NAI's solutions because they tend
to bundle too many features together, but I will admit that I have not
spent a lot of time testing them either. Tiny Software also has a
larger package that competes with these products providing NAT and
other related services as well. I'll mention that I have not stress
tested TPF and would not recommend any of these options in a high
availability or highly sensitive security environment.

Cheers,
Dan
--
A boast of "I have been's," | Daniel G. Epstein
quoted from foolscap tomes, | Network Security Officer,
is a shadow brushed away | Network Security & Enterprise
by an acorn from an oak tree | Network Systems Administration
or a salmon in a pool. | NSIT, The University of Chicago
| depstein@uchicago.edu