Anton,
#I`m not sure if this is the right forum but here goes anyway. I`ve noticed
#that most of you use FW-1. I am currently looking at implementing a
firewall
#and have tested the Lucent solution ("The Brick") which I found easy to
#implement as well as having a high level of security. I would appreciate
any
#advice on experiences regarding solutions and suppliers as well as
gradings
#on the different solutions.
I looked at the Lucent Managed Firewall and it did seem pretty
interesting. It is hard to suggest a firewall when I have no idea about
your site needs. So, I will just tell you about my favorite firewall. The
Sidewinder is an application-layer gateway that runs on a trusted operating
system called SecureOS. This is actually the BSDI 4.1 kernel for
Sidewinder 5. The Sidewinder engineers reviewed the BSDI code for security
bugs and placed mandatory access controls (Type Enforcement) in the OS. I
have yet to see a firewall with more application layer proxies than
Sidewinder 5.0. It has split DNS. It also has two sendmail servers for
mail relay and some pretty advanced mail filtering capabilities that slow
the box down way to much to use. Sidewinder 5 has a Squid proxy server.
There is URL filtering built-in. The Sidewinder is slower than a
Firewall-1 running on the Nokia platform but has improved in speed a lot
with Sidewinder 5. There is a good load balancing solution with Radware's
Fireproof. You do need to know UNIX, DNS, and routing as well as a little
bit about Sendmail to adminster this. I don't think I would say that the
Sidewinder is easy to implement but Secure Computing has some excellent
consultants that will install it for you.
Some vendor sites for firewalls:
Sidewinder (www.securecomputing.com)
Cyberguard (www.cyberguard.com)
Firewall-1 (www.checkpoint.com)
Guantlet (www.nei.com)
Raptor (www.axent.com)
BOrderware (www.borderware.com)
PIX (www.cisco.com)
Or, there is always IPFilter on OpenBSD or IPChains on Linux if you want a
solution with minimal upfront costs.
Regards,
Jeffery Gieser
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
