Mehmet,
"Good enough" is a subjective statement. The answer depends of the mission
of your organization, and what it stands to lose should your systems become
compromised. Is your 50-node organization doing market research on thumb
tacks, or is it doing research on quantum computing? One is worth $5000 for
security, the other is probably not.
If cost is your bottom line, you could build a perfectly serviceable
firewall with Linux (total cost: $0, maybe $50 if you buy a bundled
distribution like Red Hat or Caldera). This will give you basic packet
filtering, not to mention more services (SMTP relay, web server, DNS, etc.)
than you'll know what to do with.
If you want more robust firewalling, you could add the legacy Firewall
Toolkit (total cost: $0) which will give you application-level firewall
proxies. You can add in hacks for transparency and patches for extra
proxies as you wish. And there is still more freeware for everything else
you might want out of a firewall, from log analysis to realtime performance
monitoring to penetration testing to intrusion detection/response.
IMHO you can build a rock-solid firewall with a high degree of trust, for
almost no money *in software licensing*. The real cost for such a firewall
would be the cost of building and supporting it yourself. You (or another
staff person in your organization) would have to be proficient in general
firewalling principles, UNIX, C and C compilation, ipfwadm and FWTK at the
very least. If you don't have that expertise, you will have to buy it in
the form of additional staff...
Regards,
Chris
Christopher Zarcone
Network Security Consultant
RPM Consulting, Inc.
[EMAIL PROTECTED]
#include std.disclaimer.h /* My opinions do not necessarily
reflect the opinions of my employer */
Date: Tue, 23 Mar 1999 09:22:58 +0200
From: "Mehmet Sokmen" <[EMAIL PROTECTED]>
Subject: Check Point Firewall-1
Hi,
Is Check Point Firewall-1 good enough to pay 5000$ for 50 nodes ??? Is
there
any cheaper and good firewall for good security?
boy
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
