Re: Security comparison

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 01/02/03


From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Thu, 2 Jan 2003 09:27:24 -0500


"Lily" <lsho@iname.com> wrote in message
news:O4oyLhlsCHA.2628@TK2MSFTNGP09...
> I was wondering, how does a DSL VPN router (such as D-Link DI-804V or
> similar brand) security compare to a software firewall such as Microsoft
> ISA/Proxy Server? Is it similar? Or which one would you recommend? I had an
> Internet connection as well as VPN tunnel from both VPN routers, I was
> wondering whether I need to put another ISA Server behind the router.

It really depends on what your environment is and what your needs are.
Microsoft ISA server includes proxy and caching features as well, which can
speed internet performance in some cases. It probably also integrates
better with Windows domains for authentication than other products, which
may or may not be a good thing. ISA server costs around $1500 for the
software alone, plus the server to put it on, so you should be really sure
that you need a proxy server first, otherwise you're probably paying too
much. I personally think the ISA server is not the simplest GUI out there
and would probably have more of a learning curve for you. You should go to
www.google.com and read up on what a proxy server / application level
firewall is and how it is different from a stateful firewall and a NAT
router, to see which one you need.

> It seems these days most VPN routers already have some sort of firewall
> feature, such as NAT, IPSec VPN etc. If so, wouldn't this router already
> block all ports? Where would the security hole be?

I'm not familiar with that router, but NAT routers that just rely on NAT as
a "firewall" only block inbound connections, not outbound connections.
Whether or not your firewall is stateful can also make a big difference.

Other firewall solutions you might want to consider are below. Also, a
firewall alone is not enough to keep you secure, so other things you should
consider for security are also below.

http://securityadmin.info/faq.htm#firewall
http://securityadmin.info/faq.htm#harden
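
An added illustration, not part of the original post and not a model of any specific product: a toy comparison of a NAT-only router with a firewall that also enforces an outbound port policy, showing which direction each one actually blocks. The class names, the allowed-port list and the addresses (documentation ranges) are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatOnlyRouter:
    """Toy NAPT device: every outbound flow gets a mapping, no egress policy."""
    def __init__(self):
        self.mappings = {}      # public port -> (remote ip, remote port)
        self.next_port = 40000

    def outbound(self, pkt):
        public_port = self.next_port
        self.next_port += 1
        self.mappings[public_port] = (pkt.dst, pkt.dport)
        return public_port      # flow allowed, mapping created

    def inbound(self, pkt):
        # Admitted only if it matches a mapping created by an inside host.
        return self.mappings.get(pkt.dport) == (pkt.src, pkt.sport)

class EgressFilteringFirewall(NatOnlyRouter):
    """Same inbound behaviour, plus an allow-list of outbound destination ports."""
    def __init__(self, allowed_dports):
        super().__init__()
        self.allowed_dports = set(allowed_dports)

    def outbound(self, pkt):
        if pkt.dport not in self.allowed_dports:
            return None         # dropped: no mapping, so no reply path either
        return super().outbound(pkt)

def compare(device):
    """Run the same constructed traffic through a device and report the verdicts."""
    web = Packet("192.168.0.10", 51000, "203.0.113.5", 443)
    odd = Packet("192.168.0.10", 51001, "203.0.113.9", 6667)   # unexpected outbound flow
    unsolicited = Packet("198.51.100.7", 4444, "PUBLIC", 3389)
    web_port = device.outbound(web)
    odd_port = device.outbound(odd)
    odd_reply = odd_port is not None and device.inbound(
        Packet(odd.dst, odd.dport, "PUBLIC", odd_port))
    return {"web_out": web_port is not None, "odd_out": odd_port is not None,
            "odd_reply_in": odd_reply, "unsolicited_in": device.inbound(unsolicited)}

if __name__ == "__main__":
    print("NAT only:     ", compare(NatOnlyRouter()))
    print("Egress filter:", compare(EgressFilteringFirewall([80, 443])))
```

Both devices drop the unsolicited inbound packet; only the one with an outbound policy stops the unexpected outbound flow and the reply traffic that would follow it.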


