I must say that I agree with the idea of not implementing your firewall on
the same OS you are looking to protect. We are an NT shop but our dual
firewall structure is based on separate firewall products and separate OSs.
A major concern for us was the one expressed in Paul's email. If someone
can hack your firewall OS and it is the same as your site OS .....
I come from a mainframe background so I tend to have a leaning towards
structured centralised management. I do tend to favour the UNIX philosophy
over the NT one but running an NT network with correctly implemented
security, software distribution and remote management does not cause us any
heartache. The servers are stable and do not crash.
I believe that the best indicator of overall site stability is your call
logging system and how many outstanding issues you tend to have. Our
outstanding production issues are typically in single figures. Our monthly
Help Desk calls are round about the 150-170 mark. Most of these tend to
be, "How do I .." or "I've forgotten my password/ has expired/ is locked
out".
These figures are for a company of about 260 people spread over 6 sites in
two countries. We manage all of this comfortably from the central location
with no fulltime IT personnel in the remote sites.
All of this indicates to me that the stability of the OS/ Network
environment is not solely due to the supplier but also good design and
implementation.
People who are having servers dropping at regular intervals should consider
Viagara eye drops, this would let them take a good hard look at things.
Kafil.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
