Hi everybody,
I have used this product (I mean Network-1 Cyberwall) for a while. This software has
a couple of editions:
SV - for servers
WS - for workstations
IP - Internet gateway
AP - Application.
Basically all of them are almost the same - it's an embedded FW for Win NT/2000.
This software has a Central Management Console, which allows you to
modify/install/update the policy on any Network-1 FW. It's a stateful firewall
with a lot of predefined templates (like a template for a Web server, FTP server
and so on).
As a firewall it's good enough (at least for me; we use it as a server FW, not
as a perimeter one).
About IDS .... Better get something else. It has 10 predefined types like:
Land Style Attacks, TearDrop, SYN Flood, TCP/UDP Port Scan, Ping Flood and
so on (at least for version 6.03; the latest one is 6.1), and you can get mail
notification when the FW detects those events.
And one last thing. If you have nothing (I mean a FW) in front of this box, and if
anybody gets access to this box, he/she can launch the GUI for this FW from it
and get access to any other of your Network-1 FWs just using Win NT
authentication.
Performance for this software - nice.
Alex Kvasnytskyy
LAN Admin
Digital Security Controls

-----Original Message-----
From: Hague, Alex [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 05, 2001 2:34 PM
To: Karl Wahala; 'Brian Rabinowitz'
Cc: [EMAIL PROTECTED]
Subject: RE: Web Server Resident Firewall


Karl, it's nice to make comments like that, but you haven't made any valid
point....

Brian, does the web server resident firewall do anything on the application
layer?

The benefits of this system would be better throughput, and also more redundancy,
as the firewall is no longer a single point of failure etc. But you no longer
have any centralised management, so you can't apply a policy that will
affect all machines at once, or have centralised IDS info. By performing
more tasks on each machine the processors will need to be more powerful, IDS
can often require lots of disk space, and you also have the logistical problem
of collating IDS data across hosts.

Depending on your network type, host based IDS may be the better solution (e.g.
if it's all switched and you can't run a port on the switch to monitor the
rest), but it's much easier to have centralised IDS so that patterns can
emerge when looking at attacks that are run across multiple hosts. Your
maintenance tasks are much greater also: rules have to be applied to each
host based firewall, and the IDS housekeeping (checking and removal of logs
etc.) now has to be performed on a per host basis.

My $.02 is, it will depend on each individual situation as to what's
applicable. I wouldn't recommend going this way for all of your deployments
though. It may only be suitable when throughput is being limited by the
firewall (or a single machine that performs a function that could become
host based instead), and even in that situation you could have two
firewalls, each one looking after half of the servers etc. I don't
understand your point about added security. You've probably lost the ability
to have an ALG, and what extra security can you only apply on a host based
level that you can't apply on a centralised firewall?

Cheers,
Alex Hague

Internet Support Officer,
Auckland City Council



-----Original Message-----
From: Karl Wahala [mailto:[EMAIL PROTECTED]]
Sent: Monday, 5 March 2001 16:54
To: 'Brian Rabinowitz'; [EMAIL PROTECTED]
Subject: RE: Web Server Resident Firewall


Sounds like bullshit to me...

-----Original Message-----
From: Brian Rabinowitz [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 04, 2001 9:39 PM
To: [EMAIL PROTECTED]
Subject: Web Server Resident Firewall


One of our customers has been using a Win NT web server resident firewall +
IDS product from a company called Network-1.
The customer stated that placing the software right on their various web
servers and removing the Gauntlet firewall they previously used increased
throughput and provided them with added security that is more server
specific and protects the back-end as well. They also get extensive
host-specific IDS data from the host firewalls to a central manager.

Before we move forward with further deployments of this type, we are
planning to test these statements. I was wondering if there is any similar
experience on this thread?
Are there additional products to those of Network-1's app server resident
firewall + IDS that do the same?

Thanx for your help,

Brian Rabinowitz
NetSec Consultant
e-Verify, Inc.
Security Verification Services
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]