RE: [Firewalls] Firewall choice for web hosting
From: Bill Lavalette (billl@cyberbase7.com) Date: 07/24/02
- In reply to: Dean Smith: "Firewall choice for web hosting"
From: "Bill Lavalette" <billl@cyberbase7.com> Date: Wed, 24 Jul 2002 15:06:53 GMT
Dean -
Check Point Firewall/VPN-1 NG is far superior to Cisco in many ways; the fact
that it sits on top of another OS is, in my opinion, irrelevant. Regardless
of firmware/OS you always have to maintain the vendor software. There are
many ways to defeat the OS conundrum. As with anything, the machine is as
secure as the experience building it. If one takes their time to build a
hardened machine, the amount of work maintaining it would be the same as
firmware upgrades. For example, we use an NT box, C2 hardened, that has been
up for almost a year with zero problems. Also, if properly set up, no one
will be able to connect to your firewall machine anyways. I think you will be
impressed with Check Point. One thing you might want to check out is their
Secure Platform, a prehardened Linux OS. NG+Secure Platform blows all the
other firewall vendors away performance/feature wise.
Hope this helps
Regards
Bill
Chief Security Officer
CyberBase7 Security Services METRO-SOC
Email: Operations@cyberbase7.com
WWW: http://www.cyberbase7.com
-----Original Message-----
From: firewalls-admin@section5.cyberbase7.com
[mailto:firewalls-admin@section5.cyberbase7.com]On Behalf Of Dean Smith
Sent: Wednesday, July 24, 2002 6:03 AM
To: firewalls@section5.cyberbase7.com
Subject: [Firewalls] Firewall choice for web hosting
I am looking into a new firewall choice for an organisation I have just
joined which hosts a very large volume web site.
Normally I would use Cisco PIX products, a choice based somewhat on my
familiarity with Cisco kit and their good security record, but this
has been in situations where I also needed to send outbound corporate
traffic out through the same network. The PIX has a few niggles, such
as the alias command and PDM, that make the hosting part slightly more
difficult than needs be.
For a hosting only solution I am wondering if there is a better
solution, Firewall-1 being my current second choice.
I would be interested in people's thoughts on this, especially in terms
of stability, security and ease of management for web hosting. One
concern I have with FW-1 is that it runs on top of another OS and
flaws in the OS may expose the firewall to attack. Does the Nokia FW-1
product suffer from this shortcoming?
Thanks
Dean Smith
_______________________________________________
Firewalls mailing list
Firewalls@section5.cyberbase7.com
http://section5.cyberbase7.com/mailman/listinfo/firewalls