Gauntlet 5.5 for NT may not be the best firewall for my installation. But it is what I can afford. There has been some debate at NAI regarding the continued upgrade/enhancement of Gauntlet for NT, as NAI sees its market segment (the lower-cost, non-Checkpoint shops) being reduced by firewall appliances.

Disregarding the honeypot in my configuration, I just wanted an additional level of security, as I am not confident that Gauntlet is doing a good job. I do not have a tool that I can use to examine the packets that get past the firewall. Any suggestions? NAI's Sniffer Basic is mad expensivo.

I am hard at work learning Solaris and hope to have an IDS running on it soon.

Any comments?

ps - Adding VPN at a few branch offices to my configuration in a few months

-----Original Message-----
From: Crumrine, Gary L [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 27, 2001 8:33 AM
To: 'Brian Ford'; [EMAIL PROTECTED]
Subject: RE: Just Plain Wrong (Was: Netscreen or Watchguard Firebox)

I have to agree with Brian.. My question is this: you are running Gauntlet, why then would you want to use something as lame as one of these appliances on your front end? For logging? Screening?

As for seeing traffic from Russia, Japan, China, South America, whatever.... welcome to the new millennium. I see hundreds of these every day. If you have paid attention to any of the statistics that are being thrown around these days, you would know that questionable activity has jumped significantly, and that Russia, China and Japan have been portals of choice for some time now. Probably due to knowing that the governments there have a don't ask, don't tell policy towards hackers. As long as the hackers are not hitting their government sites, they turn a blind eye to the activity.

I agree with Brian on the issues below; however, I do have a differing view on what the ISP can do for you. I would not put much faith in an ISP to provide you with traditional security services.... It just is not their job. They are in business to provide connectivity, and until now, most have been unwilling or unable to manage the pipe to the degree this would take. That responsibility resides in your hands.

> -----Original Message-----
> From: Brian Ford [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, March 27, 2001 7:43 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Just Plain Wrong (Was: Netscreen or Watchguard Firebox)
>
> Irony,
>
> I have no comment about the NetScreen or WatchGuard decision. But
> regarding the overall design I have to ask, "why?".
>
> Is this your personal Internet or a corporate connection? So you are
> seeing "a lot of attacks from Russia and Japan"; are those attacks or just
> random probing of your network address space?
>
> By implementing a HoneyPot you are pretty much guaranteeing that probes and
> possible attacks will continue, if not increase in frequency. So these
> intrusions will soak up more and more of your Internet bandwidth. Are you
> sure you want to do that to your company's Internet connection?
>
> Many of the folks out there doing HoneyPot research WHO KNOW WHAT THEY ARE
> DOING are establishing new Internet connections, separate from their
> corporate connection, to host the honey pot. Remember, the HoneyPot draws
> interest and draws them away from other connections.
>
> I think your intent is good, but instead of wasting bandwidth on a honeypot
> you should work with your provider to classify this traffic, build better
> filters and knock this traffic down before or as it arrives at your
> Internet connection.
>
> Just my $0.02.
>
> Regards,
>
> Brian
>
> >Date: Mon, 26 Mar 2001 09:28:10 -0500
> >From: "Irony" <[EMAIL PROTECTED]>
> >Subject: Netscreen or Watchguard Firebox
> >
> >Anyone had any experience with either Netscreen or Watchguard Firebox?
> >And does my design appear acceptable?
> >
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> >
> >I am recently seeing a lot of attacks from Russia and Japan on my
> >Gauntlet for NT v5.5. I am not comfortable that I am getting the
> >right degree of protection. I am thinking about doing the following:
> >
> >Internet --> Router ---> Firewall A -----> HoneyPot -----> Gauntlet -----> IDS ---> Internal Network
> >
> >Will this work and does it make sense?
> >
> >I am looking for suggestions for Firewall A. I cannot afford
> >CheckPoint.
> >
> >Thank You
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
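Brian's question in the thread above, "are those attacks or just random probing of your network address space?", is one the perimeter firewall's own deny log can usually answer before anyone buys a sniffer or stands up a honeypot. The script below is an added example, not code from the original posters or from NAI, Gauntlet, NetScreen or WatchGuard. It works on a constructed, simplified key=value log format (timestamp, src, dst, dport, action) that is an assumption for illustration and is not Gauntlet's real log format; the addresses are RFC 5737 documentation ranges. It groups hits by source, labels each source as a vertical scan (many ports on one host), a horizontal scan (one port across many hosts), persistent traffic to a single service, or a lone probe, and lists the scanners as candidates for the kind of upstream filter Brian suggests asking the provider for.

```python
"""Classify inbound connection attempts from a perimeter firewall's log.

Added example for the Gauntlet/honeypot thread. The log format is a
constructed, simplified one (assumption), not any vendor's real format.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample log: RFC 5737 test addresses, no real hosts or events.
SAMPLE_LOG = """\
2001-03-26T09:01:02 src=198.51.100.7 dst=203.0.113.10 dport=21 action=deny
2001-03-26T09:01:02 src=198.51.100.7 dst=203.0.113.10 dport=23 action=deny
2001-03-26T09:01:03 src=198.51.100.7 dst=203.0.113.10 dport=25 action=deny
2001-03-26T09:01:03 src=198.51.100.7 dst=203.0.113.10 dport=80 action=deny
2001-03-26T09:01:04 src=198.51.100.7 dst=203.0.113.10 dport=111 action=deny
2001-03-26T09:01:04 src=198.51.100.7 dst=203.0.113.10 dport=139 action=deny
2001-03-26T09:02:10 src=198.51.100.42 dst=203.0.113.1 dport=111 action=deny
2001-03-26T09:02:10 src=198.51.100.42 dst=203.0.113.2 dport=111 action=deny
2001-03-26T09:02:11 src=198.51.100.42 dst=203.0.113.3 dport=111 action=deny
2001-03-26T09:02:11 src=198.51.100.42 dst=203.0.113.4 dport=111 action=deny
2001-03-26T09:02:12 src=198.51.100.42 dst=203.0.113.5 dport=111 action=deny
2001-03-26T09:05:00 src=192.0.2.77 dst=203.0.113.10 dport=80 action=permit
2001-03-26T09:05:01 src=192.0.2.77 dst=203.0.113.10 dport=80 action=permit
2001-03-26T09:05:01 src=192.0.2.77 dst=203.0.113.10 dport=80 action=permit
2001-03-26T09:05:02 src=192.0.2.77 dst=203.0.113.10 dport=80 action=permit
2001-03-26T09:05:02 src=192.0.2.77 dst=203.0.113.10 dport=80 action=permit
2001-03-26T09:05:03 src=192.0.2.77 dst=203.0.113.10 dport=80 action=permit
2001-03-26T09:05:03 src=192.0.2.77 dst=203.0.113.10 dport=80 action=permit
2001-03-26T09:05:04 src=192.0.2.77 dst=203.0.113.10 dport=80 action=permit
2001-03-26T09:05:04 src=192.0.2.77 dst=203.0.113.10 dport=80 action=permit
2001-03-26T09:05:05 src=192.0.2.77 dst=203.0.113.10 dport=80 action=permit
2001-03-26T09:07:30 src=192.0.2.200 dst=203.0.113.10 dport=53 action=deny
"""


def parse_line(line: str) -> Dict[str, str]:
    """Parse one 'timestamp k=v k=v ...' line into a dict; timestamp under 'ts'."""
    fields = line.split()
    rec = {"ts": fields[0]}
    for kv in fields[1:]:
        key, _, value = kv.partition("=")
        rec[key] = value
    return rec


def classify_sources(log_text: str, scan_ports: int = 5, scan_hosts: int = 5,
                     persist_hits: int = 10) -> Dict[str, Tuple[str, int]]:
    """Return {src: (label, hit_count)} for every source in the log.

    vertical_scan   one destination host touched on >= scan_ports distinct ports
    horizontal_scan one destination port touched on >= scan_hosts distinct hosts
    persistent      >= persist_hits hits, all against a single host:port
                    (a real user or a focused attack; the proxy log decides)
    single_probe    anything else, i.e. the background noise of the Internet
    """
    by_src: Dict[str, List[Dict[str, str]]] = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            by_src[rec["src"]].append(rec)

    result: Dict[str, Tuple[str, int]] = {}
    for src, recs in by_src.items():
        ports_per_dst = defaultdict(set)
        dsts_per_port = defaultdict(set)
        for r in recs:
            ports_per_dst[r["dst"]].add(r["dport"])
            dsts_per_port[r["dport"]].add(r["dst"])
        services = {(r["dst"], r["dport"]) for r in recs}

        if any(len(p) >= scan_ports for p in ports_per_dst.values()):
            label = "vertical_scan"
        elif any(len(d) >= scan_hosts for d in dsts_per_port.values()):
            label = "horizontal_scan"
        elif len(recs) >= persist_hits and len(services) == 1:
            label = "persistent"
        else:
            label = "single_probe"
        result[src] = (label, len(recs))
    return result


def upstream_block_candidates(classes: Dict[str, Tuple[str, int]]) -> List[str]:
    """Sources worth asking the provider (or the border router) to filter:
    only the scanners, never the 'persistent' class, which may be customers."""
    return sorted(src for src, (label, _) in classes.items()
                  if label in ("vertical_scan", "horizontal_scan"))


if __name__ == "__main__":
    classes = classify_sources(SAMPLE_LOG)
    for src, (label, hits) in sorted(classes.items()):
        print(f"{src:16} {label:16} {hits:4d} hits")
    print("upstream filter candidates:", ", ".join(upstream_block_candidates(classes)))
```

The thresholds are deliberately crude and are assumptions, not tuned values: the point is that a scanner walking your address space looks different in the deny log from a host hammering one service, and that only the former is safe to hand to the provider as a block list without first checking what the proxy saw.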
