Lee,
Generally speaking I agree with most of the other responses.
I have recently had to deal with auditors, internal and hired guns. Any
auditor who makes recommendations on technologies isn't focused on the
results. What are the desired results?
- Anti Spam
- Content Filtering
- Anti-Virus
- Intrusion Prevention
I'd propose the development of a program to address each of these
things. Don't get hung up on the technologies just yet. Define the
above areas, the threats and desired results, then go in to each one
with an open mind about tackling the problems one at a time. Start with
a clear, agreed upon, definition of the issue, and then get some very
high level SWAGs at approaches, along with cost/effort estimates for
each. I generally say that you should have 3 options for any thing you
are going to tackle, and rank them in order of your preference, along
with strengths and weaknesses of each. Then let the managers decide how
important it is to them.
It's possible that you will end up where this auditor leads, but the
decision should be based on business needs, and technical solutions to
the business problems, not a one size fits all statement.
The good thing is that if you lay these kinds of things out, you
have had the auditor point out that these items are issues that you
should address, it should take some of the pain out of the management
sales dance that you will have to do. The bad news is that you may find
yourself in for a load of work, this could be good if you get to learn a
lot.....
Here's wishing you success!
Kevin
Lee Fickenscher wrote:
I just received an "audit" report that I'm supposed to discuss at a
meeting tomorrow. Part of that report covers my firewall. The current
firewall is OpenBSD 3.5 (yes, a bit out of date). My question regards
the wording of the report. It talks about "generations" of firewalls
(first gen, second gen...) I've never heard of the term generations
used to discuss firewalls. Has anyone heard of this term used with
firewalls?
While the auditor might have been general competent, and certainly was
more knowledgeable about Windows than I am, I don't feel that he is
really up on security. He recommends replacing my box with a Sonicwall
unit, which, if I understand correctly, is just a dedicated Linux box.
I don't see how that gains me much more than a pretty interface. His
company is most likely a Sonicwall reseller, but I don't think he is
even aware what the Sonicwall runs under the covers.
Pertinent text follows verbatim:
"Your current Firewall is a PC running a version of OpenBSD (Unix).
This solution is a Firewall but it has only the most basic Firewall
capabilities of NAT and port blocking. This type of Firewall was
current technology found several years ago in first generation
Firewalls. Current Firewall technology is its Fourth generation and
includes such features as Antivirus, Anti-Spyware, Content Filtering,
and Intrusion Prevention. The idea is that the more stuff you block at
the perimeter the better your whole network will perform. The
Sonicwall solution we are proposing also has the ability to do both
software and hardware VPN if at a future date you wish to implement
secure Internet connections from remote sites."
Any input is appreciated (preferably constructive) particularly from
any of the security experts out there.
Thanks,
Lee
--TriLUG mailing list :
http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
