Re: which firewall

From: black (blackheadph@hotmail.com)
Date: 05/28/02


From: blackheadph@hotmail.com (black)
Date: 27 May 2002 20:36:39 -0700

Peter Larsen <plarsen@mail.tele.dk> wrote in message news:<3CF0E6EC.B85E9A21@mail.tele.dk>...
> Ernie wrote:
>
> > My company's web server is a Win 2K box, IIS, a few hundred
> > to a few thousand hits a day. We're looking for a firewall
> > product.
>
why doesn't anyone recommend a dedicated network appliance firewall?
there are several appliance firewalls out in the market.
one of the best is cisco pix, a stateful packet inspection firewall,
unlike software based unix firewalls, which are mainly packet filter
devices. if you are concerned about budget, and the skills for the
administration of firewalls, there is the sonic firewall, which can be
easily administered via a browser. Sonic appliances are solid state
devices, which means that no mechanical parts like a fan or hard drive
are part of them. that means more reliable and less administrative cost.

for small sites.. a sonic SOHO firewall will connect you securely on
the internet in a jiffy.. ;)

> Get a dedicated hardware firewall. Such may be a box with FreeBSD or
> Linux, having "the other os" on the firewall is a good idea no matter
> what OS is behind it.
>
> > Ease of administration is very important and low cost is
> > somewhat important. Suggestions?
>
> Cost of ownership and over the counter price are different concepts. A
> good ready made firewall box costs, setting all the free stuff up on
> "the old machine from the basement" costs crew hours. What is cheapest?
>
> > My boss has a copy of Norton Personal Firewall 2001 which
> > he wants me to install. Opinions?
>
> By all means, he is your boss, if he wants you to install it on his home
> computer and pay you good money for so doing, do it! - if you ask
> whether it - or Zonealarm - will be better than doing nothing, then the
> answer is yes.
>
> I think it is fine that you want to protect what is behind the webserver
> with a firewall. Putting a software firewall on the webserver makes any
> port scan a valid denial of service attack. Making the webserver lean
> and having *only* what is needed on it actually running on it and having
> a firewall and a domain border behind it MAY be a more applicable
> strategy.
>
> If you rely on that server for other functionality than webserving, then
> build a dedicated webserver, THEN it may be acceptable in a real world
> to also have firewall software running on it. (Microsoft Proxy 2.0 is
> also a firewall btw. - as for whether it has "issues" other than that
> config'd safety is a matter of setup is unknown to me) - be it an old
> p120 or better with 64 megs of ram with NT4 or same machine with FreeBSD
> or Linux, choose your preferred brand of security hole.
>
> > Thank you,
> >
> > Ernie


