Full Disclosure mailing list archives

FW: Why should one buy (or not) an Appliance-based security gateway?


From: DWreck <dwr3ckmailbox-fulldisclosure () yahoo com>
Date: Tue, 3 Aug 2004 07:28:09 -0700 (PDT)


I'll try to give some realistic answers to the question and address the newbie's comments below:

 

> Because you don't know that much about security ??? (a theoretical "you" !!)

 

Not sure where this comment comes from but it appears to be in reverse.  

 

Using appliances for specific purposes is/should be part of most security architectures in environments with more than 
one segment.  Appliance devices help keep TCO down.  It is possible to build your own IPS, firewall etc. but it is 
usually not cost effective for larger environments.

 

> If you know what you need, and what can you do, you do it by yourself, and
> only rely on your capacities.

 

You should be designing and implementing solutions for your clients that should scale and have as low a TCO as 
possible.  More often than not, this means you will need to piece together solutions from multiple vendors etc.  

 

Creating your own solutions for everything is fun and you should try it sometime (at home?) for the learning experience. 
However, in corporations you will typically NOT have the time to do so.  You will probably end up using a combination 
of appliance devices and custom scripts to get the job done.  

 

As for relying only on your capabilities and building solutions that only you understand (and can maintain), this will 
NOT lead to job security.  It is also negligent from a DR/BCE standpoint for your clients.

 

> If you need protection, or at least some kind of monitoring activity, but don't
> know much about network security, then you go and buy a solution

 

Ignore the above comment.  It was made by someone who probably knows a lot about security and nothing about business 
and budgeting.

 

> BTW, all the network admins I know use firewall for protection, but don't know
> much aside from that, most of the time use some kind of precoded rules, and
> keep it like that forever.

 

I have yet to meet one such individual.  Appliance devices rarely come with a rule set.  They also typically do NOT 
come configured for a specific client's network :-)

 

 



Thanks,

DWreck
