On Mon, 11 Oct 1999, Emad Hazza wrote:
> I have a question which have been answered before.
> As an ISP do I really need to have a firewall, if so what do you think of the PIX
>firewall.
ISPs that do on-line accounting should probably have a firewall, but it
would be even better and more secure if important billing and customer
information systems weren't connected to the Internet at all. This is
generally difficult though, and may entail having seperate machines or
keyboard/video/mouse switches on each support and billing desktop.
My first choice would always be a proxy-based firewall, but the analysis
that would figure out if filtering is sufficient is quite involved and
requires a proposed security policy, risk profile, and business case IMNSHO.
> I need to convince my management and some of the corporate customers, whether a
>firewall is a good solution for an ISP security.
If you're looking to provide security to your customers, you have to
agree on a policy with them. About the only blanking policy that will
still fly is doing anti-spoofing (in and *out*-bound) and that's easiest
done on their customer premisis routers if you control them, or yours if you
don't (or both if you're sufficiently paranoid.) Most routers should make
that fairly easy.
HTH,
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
