Ok, I'm getting a little further. We can get hold of Raptor's Eagle here from
a UK distributor. That has to be a strong point in its favour. Given that
it is one of only a few products which encrypt end to end on incoming
connections, it is one of only a few which I'm considering.
I'm still slightly concerned though that it runs on an unmodified OS - I
wonder if anyone has comments to make here. I've been reassured a little
from some folk, but I'd like to throw open the question (re secured OS etc).
Any idea whether there are any 'secure' OSs which it will run on? Or anyone
know if there's a hardened version of Solaris (or possibly HPUX) which I
can get?
I wonder if anyone out there has managed to run Eagle on a secured platform of
any sort?
Furthermore, I was interested to gather that Eagle can filter based on the
MAC addresses of contacting machines. It works, so I gather, by working
through the ARP tables. However, if it is to verify the MAC address of a
machine on the internal network, it is going to be stuffed if there is a
router in the way (from the 'secured subnet' architecture).
That is, we would have:
                                   ---------------+------------
                                                  |
                                               Router
                                                  |
     ------+----------------- screened subnet ----+---------
           |
         Eagle
           |
-----------+-------- internal net --
Note the lack of internal router. The folk I was talking about this with
were of the mind that internal router functions aren't quite so critical (in
terms of being placed in a separate box) given that newer firewall products
have this built in. Any comments? I like the idea of the MAC address
filtering though. Sounds good. How d'y'all see the pros and cons of
placing another router in series with the Eagle?
Thanks now,
Danny
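
An added illustration of the ARP limitation raised in the message above; it is not part of the original post and not Eagle's code. It models a firewall that checks source MACs against its ARP cache and shows why hosts behind an internal router cannot be told apart. All addresses, MACs and function names are constructed for the example.

```python
import ipaddress

# Constructed sample data (documentation address and MAC ranges).
INSIDE_NET = ipaddress.ip_network("192.0.2.0/24")   # firewall's inside segment
ROUTER_IP = "192.0.2.1"                              # hypothetical internal router
ARP_TABLE = {                                        # IP -> MAC learned via ARP
    "192.0.2.1": "00:00:5e:00:53:01",                # the internal router
    "192.0.2.10": "00:00:5e:00:53:10",               # host on the segment
    "192.0.2.11": "00:00:5e:00:53:99",               # host whose MAC has changed
}
# Per-host policy: this source IP must arrive from this MAC.
MAC_ACL = {
    "192.0.2.10": "00:00:5e:00:53:10",
    "192.0.2.11": "00:00:5e:00:53:11",
    "198.51.100.20": "00:00:5e:00:53:20",            # host behind the router
}

def on_link(src_ip):
    """True if src_ip is on the firewall's own segment (ARP can resolve it)."""
    return ipaddress.ip_address(src_ip) in INSIDE_NET

def observed_mac(src_ip):
    """MAC the firewall sees as layer-2 source for traffic from src_ip."""
    # Routed traffic arrives in frames sent by the next-hop router, so the
    # originating host's own MAC never reaches the firewall.
    neighbour = src_ip if on_link(src_ip) else ROUTER_IP
    return ARP_TABLE.get(neighbour)

def mac_rule_result(src_ip):
    """Return 'match', 'mismatch', 'off-link' or 'no-data' for src_ip."""
    expected = MAC_ACL.get(src_ip)
    seen = observed_mac(src_ip)
    if expected is None or seen is None:
        return "no-data"            # no rule, or no ARP entry to compare
    if not on_link(src_ip):
        return "off-link"           # only the router's MAC is visible
    return "match" if seen == expected else "mismatch"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "198.51.100.20", "198.51.100.99"):
        print(ip, observed_mac(ip), mac_rule_result(ip))
```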