[TriLUG] Firewalls

David McDowell turnpike420 at gmail.com
Mon Jul 10 23:26:46 EDT 2006


We recently had an IT audit as well... the end result was to recommend
CheckPoint for our firewall and if we wanted to do any web filtering,
to invest in a proxy of some kind.  Our auditor was extremely
knowledgeable and approached his recommendation to us as if he himself
was planning it... seeing the business need and filling it... how's
that go... "see a need, fill a need", quoted from Robots (the movie).
:)  We have Brightmail for spam, Norton for AV and ... hahaha, IE's
pop-up blocker... no, just kidding, the AV tends to ward off spyware
too.  :p  Yup... we are 100 XP on the desktop and I can't make Firefox
our default browser either... plus it hogs memory all the same.
Anyway, it's late... goodnight!!

good luck Lee, I hope you prevail!

David


On 7/10/06, Kevin Flanagan <kevin at flanagannc.net> wrote:
> Lee,
>
>    Generally speaking I agree with most of the other responses.
>
>
> I have recently had to deal with auditors, internal and hired guns.  Any
> auditor who makes recommendations on technologies isn't focused on the
> results.  What are the desired results?
>
>    - Anti Spam
>    - Content Filtering
>    - Anti-Virus
>    - Intrusion Prevention
>
>
>    I'd propose the development of a program to address each of these
> things.   Don't get hung up on the technologies just yet.  Define the
> above areas, the threats and desired results, then go in to each one
> with an open mind about tackling the problems one at a time.  Start with
> a clear, agreed upon, definition of the issue, and then get some very
> high level SWAGs at approaches, along with cost/effort estimates for
> each.  I generally say that you should have 3 options for anything you
> are going to tackle, and rank them in order of your preference, along
> with strengths and weaknesses of each. Then let the managers decide how
> important it is to them.
>
>    It's possible that you will end up where this auditor leads, but the
> decision should be based on business needs, and technical solutions to
> the business problems, not a one size fits all statement.
>
>
>
>    The good thing is that if you lay these kinds of things out, you
> have had the auditor point out that these items are issues that you
> should address, it should take some of the pain out of the management
> sales dance that you will have to do.  The bad news is that you may find
> yourself in for a load of work, this could be good if you get to learn a
> lot.....
>
>
> Here's wishing you success!
>
>
>
>     Kevin
>
>
> Lee Fickenscher wrote:
> > I just received an "audit" report that I'm supposed to discuss at a
> > meeting tomorrow. Part of that report covers my firewall. The current
> > firewall is OpenBSD 3.5 (yes, a bit out of date). My question regards
> > the wording of the report. It talks about "generations" of firewalls
> > (first gen, second gen...) I've never heard of the term generations
> > used to discuss firewalls. Has anyone heard of this term used with
> > firewalls?
> >
> > While the auditor might have been generally competent, and certainly was
> > more knowledgeable about Windows than I am, I don't feel that he is
> > really up on security. He recommends replacing my box with a Sonicwall
> > unit, which, if I understand correctly, is just a dedicated Linux box.
> > I don't see how that gains me much more than a pretty interface. His
> > company is most likely a Sonicwall reseller, but I don't think he is
> > even aware what the Sonicwall runs under the covers.
> >
> > Pertinent text follows verbatim:
> >
> > "Your current Firewall is a PC running a version of OpenBSD (Unix).
> > This solution is a Firewall but it has only the most basic Firewall
> > capabilities of NAT and port blocking. This type of Firewall was
> > current technology found several years ago in first generation
> > Firewalls. Current Firewall technology is its Fourth generation and
> > includes such features as Antivirus, Anti-Spyware, Content Filtering,
> > and Intrusion Prevention. The idea is that the more stuff you block at
> > the perimeter the better your whole network will perform. The
> > Sonicwall solution we are proposing also has the ability to do both
> > software and hardware VPN if at a future date you wish to implement
> > secure Internet connections from remote sites."
> >
> > Any input is appreciated (preferably constructive) particularly from
> > any of the security experts out there.
> >
> > Thanks,
> > Lee
> > --
> > TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/


