This thread was "a web management system for the NetGAP firewall appliance" the NetGAP again.
back to the point. i'm not sure if you ever worked with SPHD products. or with Adminiweb at all. but all i said was: Adminiweb is a perfect tool to manage the NetGAP Appliance (if you can call it a firewall) i wanted to hear is your opinions, all i've heard since was: my CheckPoint is bigger. i'm not talking about enterprise class firewalls here. i'm talking about Adminiweb & NetGAP. that's it. again... i'm not sure if you even worked with NetGAP. and belive me.. administrating Golden-Channels network. 470,000 Customers. demands a lot. i won't copy the ifconfig file of our NG powered by StoneBeat Full Cluster, because it'll embarcing for you to brag about 6 interfaces. when and if you'll work with Adminiweb & NetGAP.. come back with an answer. (Troll? another slashdot geek. ohh god. maybe you wanna r00t my b0x) -Shay Hugi -Mpthrill.com ----- Original Message ----- From: "Mikael Olsson" <[EMAIL PROTECTED]> To: "Shay Hugi" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, June 06, 2002 12:22 AM Subject: Re: Firewall managment through SNMP (Was: Re: a web management system for the NetGAP firewall appliance(off-topic)) > > Shay Hugi wrote: > > > > who would be able to sniff my *LOCAL* network? if the web management > > is in the same network connected to same switch?. > > Anyone that mails a copy of back orifice, renamed to "hotpr0n.exe", > to a user with too much time on his hands. > > > ever heard about Webmin? i'm sure you've heard about this product. > > in case you haven't.. they stopped working with SSL because they saw > > there's no need for SSL if your'e managing a network device on your > > local LAN. > > It is obvious that the networks I admin have quite different security > demands compared to the networks that you admin. > > If you have a security policy that states "as soon as someone > gets a foothold on our 'internal LAN', we might aswell give away > everything", I suppose those arguments hold true. Most smaller > organizations do set up their network that way (although they > probably like to think that they have a firewall and antivirus, > so nothing can harm them), so in a sense, I suppose it's reasonable. > > > I'm more at home with segmented networks with two or more firewalls > and perhaps half a dozen legs on each box. If I'm at the "most > secure" admin LAN behind firewall A, and need to cross another > network to admin firewall B, I don't want people on that transit > network to use info from my admin channel to take over firewall B, > simply on defense in depth principles. > > Even if you don't have as many segments, you still ought to guard > your firewall admin interface as soon as the organization grows > beyond something like 20 users. Up to that point, you can (maybe) > have some control over what's going on, but once you get beyond > that, you get disgruntled employees, "power users" that want to > do a bit of P2P file sharing to get some new music or games... > or hotpr0n.exe. If things like that aren't a problem to you, I > guess all is fine with using virtually unprotected firewall admin > interfaces. > > If that is indeed Webmin's target segment, I guess all is fine there > too. If on the other hand they're targetting bigger organizations > with higher demands for security, and blatantly lie to them by > saying "hey, you don't really need authentication!", someone ought > to apply a clue-by-4 to their skulls. > > > -- > Mikael Olsson, Clavister AB > Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK, Sweden > Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 > Fax: +46 (0)660 122 50 WWW: http://www.clavister.com > _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
