Security Basics mailing list archives
RE: suggestions on a good firewall
From: "David Ellis" <David.Ellis () unicam com>
Date: Sat, 24 May 2003 20:23:32 -0400
Let me ask a question here? Why would anyone want tight active directory integration on a firewall which by all means constitutes a security flaw? Keep your active directory far from your firewall. A firewall is a security product and shouldn't be integrated into your internal network at all, besides VPN into your lan. -----Original Message----- From: Chris Berry [mailto:compjma () hotmail com] Sent: Thursday, May 22, 2003 2:31 PM To: security-basics () securityfocus com Subject: RE: suggestions on a good firewall
From: silvia ghezzi <ghezzi_silvia () yahoo de> Talking about firewalls, I have experience only with Gauntlet, and I was not really happy with it. It was too much complicated to understand and to be used and here was a real lack of support. Now I have been using PIX for a couple of months, and I am happy. But I still had to fight with my management (which is not really IT oriented). Since we have a full Windows 2000 environment with Windows experienced people, they made pressure to have MS ISA server as a firewall. Right now I could got PIX for our remote office, but they are still thinking to go for ISa for oher future remote offices. I have only a little experience on ISA, so I cannot judge. but I still consider it not as a firewall but as a HTTP proxy. Is there someone more into it than me, that can tell me about the advantags and/or disadvantages of having ISA as a firewall?
I'm using ISA here, and it's not bad as long as you use ONLY microsoft products. I chose it originally because when I started here MS was all I knew, now that I'm picking up Linux knowledge as well, I highly recommend IPCOP instead (plus its free, and you know how much manager love that word). IPCOP has firewall/proxy/ids/ssh etc. all built in, and it's ridiculously easy to set up. I use it for our remote office and I never have to do anything with it, just install and forget (well, check for patches once in a while, but not very often) The only real advantage I can see to ISA is tight Active Directory integration. Chris Berry compjma () hotmail com Systems Administrator JM Associates "All I want is a few minutes alone with the source code for the universe and a quick recompile." _________________________________________________________________ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail ------------------------------------------------------------------------ --- Thinking About Security Training? You Can't Afford Not To! Vigilar's industry leading curriculum includes: Security +, Check Point, Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now! --UP TO 30% off classes in select cities-- http://www.securityfocus.com/Vigilar-security-basics ------------------------------------------------------------------------ ---- ************************************************************************************************** ** eSafe-portsmouth scanned this email for viruses, vandals and malicious content ** ************************************************************************************************** --------------------------------------------------------------------------- Thinking About Security Training? You Can't Afford Not To! Vigilar's industry leading curriculum includes: Security +, Check Point, Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now! --UP TO 30% off classes in select cities-- http://www.securityfocus.com/Vigilar-security-basics ----------------------------------------------------------------------------
Current thread:
- Re: suggestions on a good firewall, (continued)
- Re: suggestions on a good firewall Jason Dixon (May 28)
- Re[2]: suggestions on a good firewall Malte von dem Hagen (May 28)
- Re: Re[2]: suggestions on a good firewall Jason Dixon (May 29)
- RE: suggestions on a good firewall dave (May 26)
- RE: suggestions on a good firewall Daniel Cid (May 26)
- RE: suggestions on a good firewall Trevor (May 26)
- RE: suggestions on a good firewall dave (May 23)
- RE: suggestions on a good firewall Christopher Harrington (May 23)
- RE: suggestions on a good firewall Des Ward (May 26)
- RE: Re[4]: suggestions on a good firewall Christopher Harrington (May 26)
- RE: suggestions on a good firewall David Ellis (May 26)
- RE: suggestions on a good firewall David Moisan (May 27)
- RE: suggestions on a good firewall David Ellis (May 26)
- RE: suggestions on a good firewall Christopher Harrington (May 26)
- Re: RE: suggestions on a good firewall Spencer Hall (May 27)
- RE: suggestions on a good firewall Chris Berry (May 27)
- RE: RE: suggestions on a good firewall DeGennaro, Gregory (May 28)
- RE: suggestions on a good firewall Christopher Harrington (May 28)
- RE: suggestions on a good firewall David Ellis (May 28)
- RE: suggestions on a good firewall David Moisan (May 28)
- RE: suggestions on a good firewall Jon Pastore (May 30)
- RE: suggestions on a good firewall David Moisan (May 28)