At 9:00 pm 12/12/96, Bill Stout wrote:
>Which Firewalls have centralized management and delegation control?
>Not individual HTML or Telnet remote administration, but a centralized
>application that manages a firewall and security delegation or group of
>firewalls.
Checkpoint's Firewall-1 (especially the forthcoming 3.0 release) has many
features that make it particularly suited to this sort of environment. The
network security policy is implemented by one or more inspection modules,
controlled by a central management module. The management module is
administered from one or more GUI clients. In version 3.0, different
clients can be given different management rights. Security events can be
dispatched to one or more SNMP managers.
>I think the only way to handle coming internet applications or intra-company
>applications over the internet is to make firewalls departmental, with
>a 'Netview' type application for central management and delegation control.
>Microsoft introduced remote management for webservers (Internet Service
>Manager) and probably will also introduce similar (non-HTML) tools for
>their proxy servers and future firewalls.
Please, not a 'Netview' type application. :) However, in essence, yes:
central management of multiple security policies and points of enforcement
are vital characteristics for sophisticated network security products
today. As well as companies that have multiple departmental policies, there
will also be an increasing need for the larger business network providers
to run FM security services for their customers.
>Comments?
This complex model of security administration may never become the norm -
there are many more SMEs than Fortune 500 corporations - but it will be
where a substantial amount of the money is to be had. Checkpoint certainly
aren't missing this, and are definitely maturing their flagship product as
an enterprise security framework. I'm keen to see how their competition
reacts.
Gordon Hundley,
Freelance Unix, Internet and security consultant.