Great Circle Associates Firewalls
(October 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Firewall beliefs T/F ?
From: Badri Pillai <Badri . Pillai @ ecrc . de>
Organization: ECRC
Date: Tue, 28 Oct 1997 10:51:12 +0100
To: akhila @ cc . iitd . ernet . in, "firewalls @ greatcircle . com" <firewalls @ greatcircle . com>
References: <9710280445 . AA23896 @ surya . iitd . ernet . in> 
Hi,

I would also look at:

1) Cost affectiveness
2) Performance
3) Since firewall are single point of failure
	a) Does the software or hardware support a standby feature
	   so that you can add it now or later.
	   e.g which support the above: Cisco PIX (HW),
	   Stonesoft Stonebeat (SW), sure there are many more HW/SW available.

4) Which type of firewall system you need and its [dis]advantages.
	e.g: a) Circute level (Performance is good)
	     b) Application level (Performence also depends on the system its running on)
5) If you are going to allow remote network connection to internal network, then VPN support.

Akhila Sinha wrote:
> 
> We are looking at firewall solutions to connect a 2MB link to about 2500
> users.
> We will need to support:
>      telnet outward  from almost all nodes,
>      full tcp inward from selected machines outside
>      Internet web, Intranet Web
FYI: since all firewalls are based on concurrent connections, microsoft browser
can open up to 20 TCP connections and is not configurable.

>      News
I think all firewalls can do the above. 


> 
> As we are still educating ourselves, I would appreciate some
> comments and substantiation on the following of my "beliefs "
> 
> .   A 'standard configuration'  for this is through a Packet filtering
>     router and firewall with two iinterfaces to the secure subnet
>     and a DMZ subnet.
> 
> .    Firewalls are of two kinds : MSPF (multi-state packet filtering)
>      such as Checkpoint FW-1 and proxy serving (PSF). such as Raptor
>      Eagle.
> 
> .    Of the two MSPF, PSF, the latter is more flexible and transparent
>      for use by an admin.  ( Any typical attacks scenarios which
>      cannot be handled / or are difficult to secure on or other ?)
> 
>      The News and Internet Web servers should not be on the secure side
>      (What are other problems beside errant CGI  programs ?)
> 
> Thanx in advance.
> 
> Akhila  Sinha
> Computer Centre, IIT Delhi
If you have more questions, just drop an email.

Regards,

Badri
-- 
Badri Pillai
ECRC Network Services GmbH    		Tel: + (49) 89-92699-119
Arabellastr 17, 81925 Muenchen		Fax: + (49) 89-92699-170
GERMANY					Mobile: + (49) 171-2132658        
http://www.ecrc.de			Internet: badri @
 ecrc .
 de
References:
Indexed By Date Previous: Re: sex,lies, and application proxy based fw vs Check Point
From: "Paul D. Robertson" <proberts @ clark . net>
Next: Advertisement: "Fish Lovers Only"
From: tri-max @ t-1net . com
Indexed By Thread Previous: Firewall beliefs T/F ?
From: ccf15429 @ cc . iitd . ernet . in (Akhila Sinha)
Next: Re: Firewall beliefs T/F ?
From: Vin McLellan <vin @ shore . net>
Google
 
Search Internet Search www.greatcircle.com