RE: Check Point Firewall-1

1999-03-24 Thread Markus Döhr 

 Is Check Point Firewall-1 good enough to pay 5000$ for 50 
 nodes ??? Is there
 any cheaper and good firewall for good security?

That strongly depends on the OS you use. IMHO I'D _NEVER_ put security related
stuff on an NT platform, I'd like to really _KNOW_ what's goin' on with the
packets routed through. There are several other packets availabe for NT (Raptor
Eagle, Gauntlet etc.) I have no experience in.

We're using Linux with packet filtering, TIS and IP logging; works fine, it's
cheap (0.00) fast an reliable.

We have about 120 nodes inside here getting partially masqueraded and/or going
out through squid object cache proxy server... and all this on a P166. 

If you don't want to put everything together on your own, there's a commercial
version available too: http://www.linux-firewall.de. Don't know the price but
it's worth the look at.


--
Markus Doehr 
IT Admin
AUBI Baubeschläge GmbH  
Tel.: +49 6503 917 152  
Fax : +49 6503 917 190  
e-Mail: [EMAIL PROTECTED]
MD1139-RIPE  
*   
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Re: Check Point Firewall-1

1999-03-24 Thread czarcone 

Mehmet,

"Good enough" is a subjective statement. The answer depends of the mission
of your organization, and what it stands to lose should your systems become
compromised. Is your 50-node organization doing market research on thumb
tacks, or is it doing research on quantum computing? One is worth $5000 for
security, the other is probably not.

If cost is your bottom line, you could build a perfectly serviceable
firewall with Linux (total cost: $0, maybe $50 if you buy a bundled
distribution like Red Hat or Caldera). This will give you basic packet
filtering, not to mention more services (SMTP relay, web server, DNS, etc.)
than you'll know what to do with.

If you want more robust firewalling, you could add the legacy Firewall
Toolkit (total cost: $0) which will give you application-level firewall
proxies. You can add in hacks for transparency and patches for extra
proxies as you wish. And there is still more freeware for everything else
you might want out of a firewall, from log analysis to realtime performance
monitoring to penetration testing to intrusion detection/response.

IMHO you can build a rock-solid firewall with a high degree of trust, for
almost no money *in software licensing*. The real cost for such a firewall
would be the cost of building and supporting it yourself. You (or another
staff person in your organization) would have to be proficient in general
firewalling principles, UNIX, C and C compilation, ipfwadm and FWTK at the
very least. If you don't have that expertise, you will have to buy it in
the form of additional staff...

Regards,

Chris

Christopher Zarcone
Network Security Consultant
RPM Consulting, Inc.
[EMAIL PROTECTED]
#include std.disclaimer.h  /* My opinions do not necessarily
reflect the opinions of my employer */

Date: Tue, 23 Mar 1999 09:22:58 +0200
From: "Mehmet Sokmen" [EMAIL PROTECTED]
Subject: Check Point Firewall-1

Hi,

Is Check Point Firewall-1 good enough to pay 5000$ for 50 nodes ??? Is
there
any cheaper and good firewall for good security?

boy

- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

RE: Check Point Firewall-1

1999-03-24 Thread Bill Hinton 

Hi,

Is Check Point Firewall-1 good enough to pay 5000$ for 50 nodes ??? Is there
any cheaper and good firewall for good security?

boy


Try WatchGuard (http://www.watchguard.com), it's a good, inexpensive firewall solution 
for small to medium sized networks.

 
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Re: Check Point Firewall-1

1999-03-24 Thread Bill Hinton 

Hi,

Is Check Point Firewall-1 good enough to pay 5000$ for 50 nodes ??? Is there
any cheaper and good firewall for good security?

boy


Try WatchGuard (http://www.watchguard.com), it's a good, inexpensive firewall solution 
for small to medium sized networks.

 

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]