Network Security Firewalls

Re: Enterprise Gigabit Firewall

Subject: Re: Enterprise Gigabit Firewall
Date: Wed, 22 Mar 2006 14:32:00 -0700
On 3/22/06, Shaun Bertrand <sbertrand@cbihome.com> wrote:


Well, the first sentence says it all.


"We are planning to purchase an Enterprise Firewall for our Head
Quarters."


How do you plan on supporting an enterprise environment with all free
products? Anyone working in a fortune 500 company knows there is no
tolerance for free programs. Especially in the security sector. No support,
no standards, and when it comes to compliancy assurance of the free program
there is just no way. I see your stance though, and would love if this were
feasible.

I don't think this is as true as it was 5 or 1 year ago. A lot more
Fortune 50 and 500 companies are using more Free Software but are
meeting their compliancy assurance through either internal programs or
via a known external vendor (IBM, Novell, HP, etc). They may also rely
on FLOSS (Free/Libre/Open Source Software ) without knowing it. The
IDS system they bought may be SNORT on OEM hardware and some added
icons to the webpage.  The internal firewalls they are using to
segment finance from development may be an OEM'd Linux or OpenBSD
kernel with some extra stuff on top of it... but they bought it from
CISCO so are happy.

It is interesting to look under the hood of some of the equipment that
is going into IT these days. A lot of it relies on FLOSS somewhere and
is being backed by large organizations because Total Cost of Ownership
for them is low. I



I would suggest what you've already recommended yourself (checkpoint,
sonicwall) along with Symantec and Fortinet. I agree with Dave in regards to
putting all your eggs in one basket. Modify your budget to include a high
availability/load balanced solution.


In answering the original question.. I recommend that you don't put
everything into one physical basket. You may stick with the same
vendor, but try to make sure you looked at stuff that works well with
outside vendors. That way if you end up needing something new in 1-2
years.. you do not have to completely rip up your infrastructure.


Shaun




 ________________________________
 From: David Ballester [mailto:dballester@kernpharma.com]
Sent: Wednesday, March 22, 2006 12:52 PM
To: 3 shool
Cc: firewalls@securityfocus.com
Subject: Re: Enterprise Gigabit Firewall


On Wed, 22-03-2006 at 15:34 +0530, 3 shool wrote:
Hello Everyone,

We are planning to purchase an Enterprise Firewall for our Head
Quarters. I have been doing some research recently on various possible
options. I do have budget restrictions and that is one important
factor which is going to influence management's decision.

What we need is an Enterprise Firewall that can:
1. Establish site-to-site VPN between our 4 branch locations
2. Establish client-to-site VPN for roaming users
3. Should support 500 Internet users at HO
4. Has a Gateway Antivirus, IPS and Content Filtering

Optionally, we also plan to move our SAP servers on this firewall in a
new zone. We would opt this only if the firewall provides us gigabit
throughput for our SAP servers.

For this solution I have been thinking of ISS, SonicWALL, Checkpoint
and Netscreen. It would be great if the list could put their thoughts
on what would be ideal for our scenario. I have also heard that
SonicWALL has a gigabit firewall model, Pro 5060. The price seems to
be really low compared to Checkpoint+Nokia, but would SonicWALL 5060
be a good option?

Thanks in advance.


GNU/Linux with iptables + IKE/Racoon ( ipsec ) , openvpn ( a very easy VPN
) + Clamav ( antivirus ) + Snort ( IDS ) + bonding ethernets ?

All for free ( as beer ) and near for free ( as beer )

In any way, my 2 cents, don't concentrate all in one product/machine, if
this one goes down, all your services go down with it. I like more the
cluster with low budget machines or blades approach , but this is only MMO



Regards

David Ballester


--
Stephen J Smoogen.
CSIRT/Linux System Administrator
