Network Security Firewalls

Re: Choosing a firewall (was Re:firewall suggestion)

Subject: Re: Choosing a firewall (was Re:firewall suggestion)
Date: Thu, 24 Feb 2005 09:15:59 -0600

We are looking into the PIX 501, but the others in the tech room are saying we already have a firewall, a Hotbrick, so I don't know anymore. I had management on the idea of updating the network, but now the other techs are getting in the way.


on subject
We really don't use VPNs that much; hell, I don't know if we ever have. The whole deal of updating the network came from the fact that one of our PCs got hacked into and we lost control of the machine, probably a Trojan or it had been zombied. It was sitting in a DMZ, with no real protection; it's no wonder we got a virus....


So we are moving the entire net over to a more secure setup, ...
I must also add that the original design of this net was not mine and I had nothing to do with it, I'm kinda new...







Do you choose your firewall vendor/platform based primarily on best case
claims for throughput, concurrent connections, and VPN tunnels?

I work in a client driven business, therefore it all depends on the solution
that is needed. If the client is linking to an IPVPN, for example, it is
important, as with certain businesses with many remote users, or managed
services, like co-loc terminal services.


For application layer protection I would use neither product; for serious
hosting, F5 or SEF is the road to go down.

-----Original Message-----
From: Kevin [mailto:kkadow@gmail.com]
Sent: 23 February 2005 00:21
To: firewalls@securityfocus.com
Subject: Choosing a firewall (was Re:firewall suggestion)

On Thu, 17 Feb 2005 09:17:46 +0000, tom.farrar@it-ps.com
<tom.farrar@it-ps.com> wrote:
The PIX 515 is far superior to netscreen's,

Do either PIX or Netscreen do full fragment reassembly yet?


full stop(.) - by concurrent connections or VPN tunnel, or even
throughput.

Do you choose your firewall vendor/platform based primarily on best case
claims for throughput, concurrent connections, and VPN tunnels?

Just playing devil's advocate here, but shouldn't security appliance selection
be driven by the *security* features implemented by each vendor? I'd hope
that all vendors are pretty much on equal footing in the arena of stateful
inspection packet filter features, and the real differentiation would be in
layers 5-7, with buzzwords like signature scanning and protocol anomaly
detection and "application layer" attack mitigation taking center stage.


I see PIX has just now added "deep inspection" for a handful of protocols,
Netscreen has twice as many listed in their marketing literature.

Kevin Kadow

