Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)

["Paul D. Robertson" <paul () compuwar net>]

On Thu, 25 May 2006, sushil menon wrote:

> hi robert i feel there is a good need for integrated appliance. i feel
> even fortinet is a good box just like netscreen having

What makes you feel that?  Historically, vendors have done a *terrible*
job of loading multiple codebases onto a single system, and all these
products will come from different development teams inside a vendor.


> ips,firewall,anti-virus. url-filtering and anti-spam in one single box.

So, one failure of any one component at the right level and you lose AV,
firewalling, anti-spam and filtering- that seems like a major increase in
risk.

Plus- and this is the biggie- now you're not choosing the best-of-breed of
any of the services, you're getting whatever that vendor's good at and
then the rest of their stuff that most likely couldn't survive on its own.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
http://fora.compuwar.net      Infosec discussion boards 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards