Focus on Microsoft
Re: ISA Server or Firewall Appliance? Nov 16 2005 06:22PM
Abe Getchell (mailing list spooler gmail com)
Hi Susan,

You bring up a good point concerning misconfiguration (of course it's
possible to misconfigure an appliance firewall), but with an appliance
solution there's simply less to misconfigure in the first place; either
the component simply doesn't exist or the administrator isn't given
(direct) access to screw it up.

However, that being said, having people who understand firewalls and can
manage them appropriately isn't at question here, that's an HR issue.
What is at question here is which piece of technology, that the original
poster described, is better suited to be a perimeter firewall. We're
talking pure technology here, as is usually implied when asking a "which
is better" question on a technology mailing list. We just assume that
regardless of the solution it will be managed competently (though we
shouldn't... we really, really, shouldn't).

Simply going through the basic build/configuration/management process
and comparing the steps/processes involved will give you a clear picture
as to why appliance solutions (such as Check Point's SPLAT or Cisco's
PIX) are much less complex than a "general purpose" solution (such as
Windows/ISA or Linux/IPTables). I'll spare you (and everyone else) the
lengthy e-mail (unless you really, really, want it) and let you go
through that exercise on your own, if you choose.

Abe

--
Abe Getchell
abegetchell (at) gmail (dot) com
http://abegetchell.com/

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
> I've seen/read the CISCO security guides on NSA... I've seen
> misconfigured appliance firewalls. There's a lot of complexity out
> there even in these dedicated devices.
>
> I'm not convinced 'the vast majority of that complexity doesn't exist'
> is a valid statement anymore in what we have going through our
> firewalls these days and what we have installed.
>
> I'm a SBSer so throw me out the best practices window anyway as I break
> all of 'em ... but take a box [a], stick a secure.inf template on it or
> run the Secure Configuration Wizard, I'm just not convinced that unless
> you have folks that understand that firewall you can make such blanket
> statements these days.
>
>
>
> Cisco Router Security Recommendation Guides // National Security Agency //:
> http://nsa2.www.conxion.com/cisco/
>
> [a] and when I say ..take a box... that means Windows 2003 only, 2000
> even with .inf's applied just isn't the same beast.

Copyright 2008, SecurityFocus