[windows2000] Re: OT Firewalls

  • From: "Tony Lyne" <Tony.Lyne@xxxxxxxxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Sat, 28 Feb 2004 08:23:54 +1300

Jim is absolutely right here. A large part of my job is security consultation 
and design.
 
We all spend so many $$$ a year keeping our Antivirus and other gateway 
products up to date but totally make it pointless if you don't keep your 
perimeter security up to scratch. Firewalls are often seen as a once only 
expense and IT shops often neglect the importance of keeping them patched and 
up to date.
 
Many firewalls are looking at working at different layers (application layer 
rather than stateful inspection only) as well as attacks are becoming more 
advanced, which is why you have to spend the extra $$ to subscribe to their 
support programs. 
 
Trust me, spending the extra money on staying up to date is worth it in the 
long run.
 
Also don't forget about a decent NIDS/IDS system. My recommendation is Eaglex 
and snort from engage security. It's open source and is perfect for keeping an 
eye on your firewall to make sure it's doing its job internally and externally. 
Also it can be used to keep check on your internal network traffic.
 
My personal preference in firewalls is Borderware firewall server and 
Netscreens range. 
 
My 2c worth.
 
Tony.

        -----Original Message----- 
        From: Jim Kenzig http://thin.net [mailto:jimkenz@xxxxxxxxxxxxxx] 
        Sent: Sat 28/02/2004 7:09 a.m. 
        To: windows2000@xxxxxxxxxxxxx 
        Cc: 
        Subject: [windows2000] Re: OT Firewalls
        
        
        How much would it cost you to clean up if your network was hacked?  How
        much money would your company lose from downtime?  Would you still have a job?
        $7000 is pennies when I start answering those questions. Every 3 years
        updating critical hardware is not unrealistic.  Bandwidth technology has
        improved every few years also...it makes sense to keep your equipment in line
        with it.
         
        JK 

                -----Original Message-----
                From: windows2000-bounce@xxxxxxxxxxxxx 
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Greg Reese
                Sent: Friday, February 27, 2004 11:57 AM
                To: windows2000@xxxxxxxxxxxxx
                Subject: [windows2000] Re: OT Firewalls
                
                
                My Cisco gear has been in the rack for four years.  We keep our
                smartnet up to date and have never had a problem.  Cisco has never come back to
                us and told us we have to replace all our hardware with their new stuff.
                 
                The Firebox X only comes with 90 days of live security so right
                off the bat I have to buy more live security.  It doesn't include Web Blocker
                anymore either.  They keep telling me that I only have to buy the features I
                need and can upgrade later.  That would be great if it was cheaper but it's not.
                The firebox X 700 now ends up costing me over $3000.00.  I have 125 users and
                don't use VPN.  Then what, in two years they tell me that the X is being
                retired and I have to throw it out and buy the all new XI?
                 
                I paid 2000 for the firebox two. I renewed Live Security on it 
for two years.  I now have over $4000 invested in a firewall that I have to 
throw out and spend another $3000 to replace it.  $7000 in three years for 
internet security is a bit steep for 125 users and no VPN.
                 
                Greg
                 
                 


                From: windows2000-bounce@xxxxxxxxxxxxx 
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Kenzig 
http://thin.net
                Sent: Friday, February 27, 2004 11:39 AM
                To: windows2000@xxxxxxxxxxxxx
                Subject: [windows2000] Re: OT Firewalls
                
                
                C'mon Greg,
                WatchGuard, Rules....it makes sense that you'll need to keep 
your firmware up to date to keep up with the latest vulnerabilities and 
threats. All the vendors do it especially Cisco. It is planned obsolescence. 
I'd get the Firebox X in a heartbeat.  
                JK

                        -----Original Message-----
                        From: windows2000-bounce@xxxxxxxxxxxxx 
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Greg Reese
                        Sent: Friday, February 27, 2004 11:29 AM
                        To: windows2000@xxxxxxxxxxxxx
                        Subject: [windows2000] OT Firewalls
                        
                        

                        I have been a loyal Watchguard customer for a few years 
now but their new strategy of cutting off old products and forcing you into new 
ones is pissing me off right now.

                        I am exploring other options.  What are the rest of you 
using for firewalls? 

                        I liked Watchguard because I could configure it myself 
and they had great support available online.   But they dropped support for the 
Firebox II and are telling me I have to get a Firebox III.  Now they have come 
out with the Firebox X.  I am sure by the end of the year they will be telling 
me I have to upgrade from the III to the X.  I really don’t want to play that 
game.  I get enough of that from Microsoft and Great Plains.  I don't need it 
from my firewall too.

                        Greg 



