Mark,
Good beginning to your firewall questionnaire. FWIW, I have one which is
about 250-300 lines long (each line is a separate evaluation item). It
is a re-creation of a firewall evaluation checklist I made when I evaluated
all of the major players in the firewall arena.
To get a copy, feel free to e-mail me or (preferably) call me at:
(317) 573-0800.
Best Regards,
Frank
>
> I am looking at possible commercial firewall products as my employer
> may be getting a direct Internet connection soon. In order to help the
> selection process, I have sent a list of questions to several
> manufacturers and suppliers, which I list below. Does anyone think I've
> missed anything out?
>
>
>
> It is expected that XXXXX would want to offer the following services
> to its employees:
>
> WWW access, FTP gets, outward bound Telnet, feed for an internal
> Newsgroup server.
>
> Please note that electronic mail (SMTP) is not desired - this is
> fulfilled via other channels. This raises the issue of a DNS - this
> has not yet been resolved, XXXX may look to the Internet Provider to
> supply this service.
>
>
> QUESTIONNAIRE
>
>
> 1. Would you describe your product as a:
> a. A circuit firewall?
> b. An application firewall?
> c. A hybrid of the above?
> d. Something else (please elaborate)?
>
> 2. Is your firewall a:
> a. Software only solution?
> b. A hardware and software solution?
> c. Something else (please elaborate)?
>
> 3. On what hardware platform does your firewall run?
>
> 4. What operating system does your firewall run on?
>
> 5. What physical network topology does the hardware support:
> a. Ethernet?
> b. Token ring?
> c. Something else (please elaborate)?
>
> 6. How is the firewall managed/configured? (e.g. by use of telnet,
> serial port etc.)
>
> 7. What sort of user interface is used to manage the firewall?
>
> XXXXX would want to deny access to many of the TCP and UDP protocol
> suite at the router using packet filtering. If this were not possible,
> the following protocols should be denied access by the firewall.
> Please indicate, for each protocol, whether this is possible, and
> whether the firewall itself will respond to them (e.g. incoming
> Telnet).
>
> 8. ICMP
>
> 9. RIP.
>
> 10. SMTP.
>
> 11. Incoming Telnet.
>
> 12. All incoming RPC type protocols (NFS, NIS)
>
> 13. TFTP.
>
> 14. FTP (incoming).
>
> 15. All 'r' commands.
>
> 16. MBone and other IP over IP protocols.
>
> 17. X11.
>
> 18. Is a 'sanitised' version of finger supported?
>
> 19. Is there a proxy service for FTP?
>
> 20. Is there a proxy service for Telnet?
>
> 21. Is there a proxy service for NNTP?
>
> 22. Is there a proxy service for HTTP?
>
> 23. What sort of bandwidth of Internet connection can your firewall
> handle?
>
> 24. How many concurrent IP circuits can your product handle?
>
> 25. XXXX operates on a commercial basis internally, and may wish to
> charge departments and users for their usage. Does your product have
> this facility built-in?
>
> 26. How does your product react to potential security breaches?
>
> 27. Does your Firewall assist in preventing outward bound misuse?
>
> 28. Do you offer security consultancy? If so, at what cost?
>
> 29. Do you have any reference sites whom XXXX may contact in the
> future?
>
> 30. What would a suitable solution cost, assuming a 64Kbps leased line
> connection? What sort of maintenance and support is offered and at
> what cost?
>
> 31. Do you have any independent evaluations (e.g. Magazine review) of
> your product?
>
> 32. Is there anything else you wish to tell us about your firewall
> product(s)?
>
>
> Mark.
>
>
>