[TriLUG] Firewalls

Kevin Flanagan kevin at flanagannc.net
Mon Jul 10 20:15:46 EDT 2006 

Lee,

    Generally speaking I agree with most of the other responses.


I have recently had to deal with auditors, internal and hired guns.  Any 
auditor who makes recommendations on technologies isn't focused on the 
results.  What are the desired results? 

    - Anti Spam
    - Content Filtering
    - Anti-Virus
    - Intrusion Prevention


    I'd propose the development of a program to address each of these 
things.   Don't get hung up on the technologies just yet.  Define the 
above areas, the threats and desired results, then go in to each one 
with an open mind about tackling the problems one at a time.  Start with 
a clear, agreed upon, definition of the issue, and then get some very 
high level SWAGs at approaches, along with cost/effort estimates for 
each.  I generally say that you should have 3 options for any thing you 
are going to tackle, and rank them in order of your preference, along 
with strengths and weaknesses of each. Then let the managers decide how 
important it is to them. 

    It's possible that you will end up where this auditor leads, but the 
decision should be based on business needs, and technical solutions to 
the business problems, not a one size fits all statement.



    The good thing is that if you lay these kinds of things out, you 
have had the auditor point out that these items are issues that you 
should address, it should take some of the pain out of the management 
sales dance that you will have to do.  The bad news is that you may find 
yourself in for a load of work, this could be good if you get to learn a 
lot.....


Here's wishing you success!



     Kevin


Lee Fickenscher wrote:
> I just received an "audit" report that I'm supposed to discuss at a 
> meeting tomorrow. Part of that report covers my firewall. The current 
> firewall is OpenBSD 3.5 (yes, a bit out of date). My question regards 
> the wording of the report. It talks about "generations" of firewalls 
> (first gen, second gen...) I've never heard of the term generations 
> used to discuss firewalls. Has anyone heard of this term used with 
> firewalls?
>
> While the auditor might have been general competent, and certainly was 
> more knowledgeable about Windows than I am, I don't feel that he is 
> really up on security. He recommends replacing my box with a Sonicwall 
> unit, which, if I understand correctly, is just a dedicated Linux box. 
> I don't see how that gains me much more than a pretty interface. His 
> company is most likely a Sonicwall reseller, but I don't think he is 
> even aware what the Sonicwall runs under the covers.
>
> Pertinent text follows verbatim:
>
> "Your current Firewall is a PC running a version of OpenBSD (Unix). 
> This solution is a Firewall but it has only the most basic Firewall 
> capabilities of NAT and port blocking. This type of Firewall was 
> current technology found several years ago in first generation 
> Firewalls. Current Firewall technology is its Fourth generation and 
> includes such features as Antivirus, Anti-Spyware, Content Filtering, 
> and Intrusion Prevention. The idea is that the more stuff you block at 
> the perimeter the better your whole network will perform. The 
> Sonicwall solution we are proposing also has the ability to do both 
> software and hardware VPN if at a future date you wish to implement 
> secure Internet connections from remote sites."
>
> Any input is appreciated (preferably constructive) particularly from 
> any of the security experts out there.
>
> Thanks,
> Lee
> --TriLUG mailing list        : 
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/

More information about the TriLUG mailing list