So what is the best firewall?
The technology to develop a *secure* firewall is very well understood
today. You could easily use a Linux box with freely available tools
installed on an old 486 that would be very secure and support the most
commonly available services. Security is a lot of smoke and mirrors
sometimes ;-)
(I'll assume a professional security consultant is installing regardless
of firewall type - money well spent from my experiences).
So why should you pay for firewall software? You pay for a firewall
because you have a set of requirements and circumstances that are best
met by a certain firewall vendor.
* protocols supported
* ability to customize for new applications
* logging
* throughput
* o/s supported
* log analysis capabilities
* ease of administration
* stability of vendor (will they be around next year?)
* responsiveness to customer requests
* third-party tools (virus scanning, etc)
* types of authentication
* et al.
I install Check Point and Raptor for example. The two firewalls
approach security from different philosophical viewpoints, but both have
their place depending on what the customer wants and their enviroment.
I install on both UNIX and NT as well. Both have their place depending
on the customer's environment and skill set.
What's the best firewall today? I haven't installed every firewall, so
I'm really not sure. You could read an *independent* lab test, but the
lab probably won't accuractely reflect your environment. A lab test
only reflects the results of a small subset of possible environmental
variables - good info to have but not gospel.
Don't ask what is the best firewall. Assess the needs and requirements
of your organization and then ask which firewall best meets your
requirements for a price you can afford. After this assessment you may
have to adjust the price you are willing to pay or modify your
requirements.
regards,
Rob
________________________________
Rob Davis <rdavis @
lucentncg .
com>
Lucent Technologies, Network Consulting Group
Network Consultant
http://www.lucentncg.com
(972) 419-3815
1-800-SKY-PAGE #126-9384
-----Original Message-----
From: mike syiek [SMTP:msyiek @
andovercg .
com]
Sent: Thursday, November 13, 1997 4:21 PM
To: Barfu Egon jun.
Cc: firewalls @
GreatCircle .
om; ntsecurity @
iss .
net
Subject: Re: [NTSEC] Re: Need a Firewall but dont know which one
you guys will be missing the best:
http://www.tis.com
Gauntlet Firewall
Barfuß Egon jun. wrote:
> Hi,
>
> I think I will buy one of the following firewalls:
> FireWall - 1
> SessionWall - 3
> WatchGuard
>
> As a platform i want to use Linux. Is this possible with these products
> and what do you think about them?
> Does anyone of you have information and experience with one of them?
> Are these firewalls good and how much do they cost????
>
> Thanks in advance
> Egon
>
> --
> mailto:egon @
computronic .
at
|
|
