At 09:32 29/09/00 -0500, [EMAIL PROTECTED] wrote:
>The question isn't what are our opinions on firewalls. It should be what
>do you need your firewall to do. Every network is different, therefore,
>every security solution is different. These are some of the questions I
>would ask myself before I start looking at firewalls.
>
>1. What is the security requirement of this site.
>
>2. Which protocols/applications need to be allowed through the firewall.
>
>3. How complex is the environment you are placing the firewall in? Do you
>need one dmz, multiple dmzs, no dmzs?
>
>4. What operating systems are you comfortable with?
>
>5. How much traffic is going through your internet link?
>
>6. How much money do you have to spend?
>
>7. Is there a good, dedicated firewall admin or do you need an appliance
>with minimal changes?
and
8. what level of support do you need?
if this is critical, he needs to check that the vendor is really present in
your town/country.
since his a-pseudo-sig suggests he is in .fr, French vendors and Cisco may
be good choices
(I'm not aware of the "real" presence of others).
9. if this is for a bank, you probably need a highly available solution. I
guess if traffic is blocked for an hour, your bank might lose much money...
10. do you trust foreign companies?
this depends on the sensitivity of the flowing infos.
11. do you need encryption?
if so, beware of the US export control laws that limit the size of the key.
>Here are some commercial firewalls.
>
>Sidewinder (www.securecomputing.com)
>Cyberguard (www.cyberguard.com)
>Firewall-1 (www.checkpoint.com)
>Guantlet (www.nei.com)
>Raptor (www.axent.com)
>Borderware (www.borderware.com)
>PIX (www.cisco.com)
[2 typos-> Gauntlet (www.nai.com)]
and some French ones (in alphabetical order of company name):
- Netwall by Bull: runs on AIX, Solaris (and NT?).
- MWall by MATRAnet: this is derived from the Gauntlet, and runs BSDi,
Solaris and NT.
(so yes, if you want the Gauntlet for BSDi, get this one).
- check also SolSoft.
...
>I prefer the Sidewinder firewall myself. It is an application layer
>gateway. It runs on a Trusted Operating System (BSDI 4.1 with Type
>Enforcement for MAC added in and a lot of other stuff). It has split DNS.
>It has a lot of application layer proxies. etc. etc.
Never used it, but it seems to be a nice one.
regards,
mouss