I agree with most of what you say, and I like Nokia.
I have 5 of them. Their easy to manage, and with
Checkpoint are very secure.
However; without Checkpoint I'm not sure how pre
hardened IPSO is. For a test:
Add a rule in Checkpoint allowing any service to the
Nokia box from a Nessus server. This means Checkpoint
is not protecting it from that one server. Then run a
scan and Nessus will come up with 51 security holes,
15 security warnings, and 4 notes.
Remove the rule allowing full access, and Nessus will
just tell you that it's running Checkpoint.
I ran the same scan against one of my Linux boxes (not
running checkpoint), and only got 1 hole, 7 warnings,
and 4 notes.
Based on this I can't see that IPSO (v3.2.1-fcs1) has
been prehardened.
My $0.02
Pete Goodridge
--- Richard Peirce <[EMAIL PROTECTED]>
wrote:
> The Nokia appliance will also allow 10x the number
> of connections that NT
> and 3x the connections a Solaris box will.
>
> -----Original Message-----
> From: Scott Schindler [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 21, 2000 2:46 PM
> To: [EMAIL PROTECTED]
> Subject: [FW1] Why choose Nokia? Here's why.
>
>
> So many people talk about it being a simple box with
> an Intel processor.
> Why should anyone pay as little as $1500 to as much
> as $18000 for a Nokia
> appliance? (Note: the 110, which will be available
> in October is quite
> inexpensive)
>
> Full support of multiple routing protocols: IGRP,
> OSPF... (Tried to do that
> with NT lately)
>
> Built in High availability. How much is Stonebeat?
> Check Point's solution?
> ($12000 - $20000)
>
> Replaces not only the firewall but the exterior
> router as well. That saves
> me a good $2000 - $15000 dollars.
>
> Pre-armored OS. IPSO is a stripped down FBSD OS.
> Instead of having to go
> out and read Lance Spitzer's armoring OS docs and
> implementing those
> solutions correctly, it comes pre-armored to a great
> degree.
>
> These are just some reasons to use Nokia. No one is
> telling you it is the
> best solution for every environment. Current lack
> of gigabit support may be
> an issue. One to be resolved soon however. But
> these little things may
> cause you to buy another solution. Many reports
> specify that 70%+ of all
> firewall solutions will be integrated by 2003. Sun
> just bought a company so
> they can sell their own appliance solution because
> they know about this.
>
> The OS wars will always continue and now we have
> hardware wars to worry
> about too. Simply learn the true capabilities of
> each and know your own
> capabilities and go from there. I run CP FW-1 on
> all 4 OSes: Solaris, NT,
> Linux, and Nokia IPSO and they all work great. Some
> need a little more love
> and care than the others.(Linux) But they are all
> fine choices. If money
> is the issue. Nokia CAN be a great savings.
>
>
__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
