> I agree with the statement above; careful inspection of log files is
> essential to security. However, there exist sites that don't *really* need
> security in the sense that you and I are probably thinking of. What they
About the Cisco PIX:
Most people need email, right?
and FTP server,
and WWW server
PIX doesn't by itself fulfill their needs.
As much as I generally like Cisco as a company (the have really useful
www site, good documentation, etc.) I don't like how *some* sales people
from Cisco have presented PIX.
Pix is probably a very good device, but it isn't a firewall by itself,
except for very few. But it can be a usefull part of Firewall.
*Some* sale people have presented pix as a firewall that only takes a few
minutes to set up and voila: you have a Firewall.
They compare it's price to Firewalls that do a lot more than PIX.
In their presentation the carefully try not to mention problems such as
securing mail or DNS, and don't seem to know what DMZ is.
If any of you are considering buing PIX, buy it as a part of well thougt out
total solution, not as a standalone device.
> >I agree whole heartly, thoug, the logging sucks. Especially in a non
> >Unix environment. Yeah, there is a Syslog for NT. But what about a
> >Novell network?
There is a free syslog program available for win31/95 if anyone is
interested. Might suit someone as a secondary logger, cheap and pretty
difficult to get into (if you are running win31 and say trumpet winsock,the
logger and nothing else), but maybe easy to crash.
> I don't think that is an adequate excuse. Syslog is an excellent tool for
> maintaining log files, for a variety of environments. You can *drop* a
> unix box in place for a couple of K, and not only will it provide you with
> logs (which you can disperse to write only media if you care, or replicate
> around the net) but it provides you with a platform that you can snoop
> traffic that passes through your segment, a base to telnet to/from, a
> platform to launch paging software, etc... If your office automation
> network is a pure novell net, fine -- but your security tool should be the
> best tool for the job, not dictated by the office environment.
> Again, the caveat from above applies. For example, I don't think any
> mission critical application should be NT based at this point in time,
> especially security based applications. If I'm doing something like a
> Checkpoint install, I will argue with my strongest force for them to put it
> on a unix box, preferably a nice stable ultra. However, some clients will
> make as a non-arguable constraint that they will be using NT, and
> ultimately, I have to allow them to refuse my counseling, and make the best
> of the environment they give me. Such is the reality of security planning.
> >> On the third hand [...]
> >??? ;)
> What, do you only have two? I always have two hands full, so have been
> forced to grow another... :)
> >-----BEGIN PGP SIGNATURE-----
> >Version: 2.6.2
> >-----END PGP SIGNATURE-----
> >-----BEGIN SPAM WARNING-----
> >WARNING: ANYONE SENDING UNREQUESTED ADVERTISEMENT
> >VIA EMAIL WILL BE ADDED TO A FILTER LIST, WHICH WILL
> >AUTOMATICALLY DELETE EVERY MAIL FROM THE SENDER.
> >THIS WILL DISABLE FURTHER CORRESPONDENCE.
> >PLEASE REFRAIN FROM SENDING JUNK E-MAIL (SPAM).
> >THIS E-MAIL ADDRESS IS NOT TO BE ADDED TO A MASS
> >EMAIL LIST.
> >-----END SPAM WARNING-----
> Robert Wooddell Weaver email: woody .
> Senior Systems Engineer voice: 510.358.3972
> Wiltel NSI pager: 510.702.4334