Re: Roaming Firewall Solution Information
From: Randy Williams <randyw () techsource com>
Date: Wed, 15 Dec 2004 14:21:12 -0500
Thanks for the update, and for my part, I noticed no lack of clarity at
all. I can also sympathize, rolling out ANYTHING in a week's notice is
insane, but that doesn't stop management doing just that every few months.
Keep up the good fight and let us know what eventually works out for you.
And an update on my particular issue... particularly to Randy, but just for
No matter what you take from this list, make sure you have time to test it
well enough with your environment - it's common sense but bears repeating.
As Keith says, Sygate has a similar solution in detail to Integrity,
including client agent systems. After my question, and since I was only
seeking a laptop firewall (for now) I chose BlackICE and Sygate from the
recommendations for testing. (Certain other vendors haven't provided
responses to quote requests or trial requests yet, but I don't expect them
in time.) I'm more impressed with Sygate's potential feature set, but so
far it's induced a blue screen upon the initiation of any VPN connection
over our client. So test whatever you choose, YMMV.
Forgive any obtuseness above, I'm exhausted and sick. From much past
experience, I know that means my emails come out somewhat unclear.
I am glad I have a picture of Integrity's approximate cost model, though,
for later reference. Being only a small part of a large company, rolling
out Integrity on a week's notice is a bad idea.
I sent thanks to all who replied privately, but I'm positive I missed the
ones that hit the list. Thanks.
From: Erickson, Tom [mailto:terickso () siemens-emis com]
Sent: December 14, 2004 7:33 AM
To: Randy Williams; Keith Bucknall (Home)
Cc: security-basics () lists securityfocus com
Subject: RE: Roaming Firewall Solution Information
We have tested Sygate and it worked wonderfully. Many options priced
Take a look at it.
Tom Erickson, MCSE
Siemens Power Transmission & Distribution, Inc.
Energy Management and Automation Division
10900 Wayzata Blvd., Suite 400
Minnetonka, MN 55305
email: Tom.Erickson () siemens com
From: Randy Williams [mailto:randyw () techsource com]
Sent: Monday, December 13, 2004 11:59 AM
To: Keith Bucknall (Home)
Cc: security-basics () lists securityfocus com
Subject: Re: Roaming Firewall Solution Information
We have a current project, awaiting funding, that would do almost
exactly what you are looking to do with the ZoneAlarm Integrity
While the Integrity product does require a master server that the
clients routinely connect to, it allows for seamless non-intrusive
security on the OS. The Integrity client runs as a process that the
user (no matter their account privilege level) cannot adjust. So there
is no chance that they will compromise themselves.
The pricing we got for a 50 user rollout was about $3,700 with the
2-year maintenance package. They were charging about $65.00/seat for
both the client and the server.
This may be a bit outside your budget, but our review found that it was
the best solution for us. Being a small company it will be a real win
Keith Bucknall (Home) wrote:
I am looking into the Cisco CSA agent software, take a look at
for more details
Mr Keith Bucknall
From: G.Crow [mailto:secure.computing () gmail com]
Sent: 10 December 2004 01:16
To: security-basics () lists securityfocus com
Subject: Roaming Firewall Solution Information
I'm seeking a firewall solution that I can deploy on my mobile users'
laptops. I've done some research into this, but in my position I've
been extremely pressed for time lately, and don't know if I can get
the research done in the near future, especially since quotes for the
products I'm familiar with are hard to come by for business users.
Any experiences, help, or recommendations into this are more than
Basically I'm tired of worrying if my users are going to bring home
the next big thing. I know what I'd pick for myself, but I'm not so
sure what is so good for end users - I'm looking for something I can
set up a base template of rules for and leave running without forcing
my users to make 'hard' choices in the field - and therefore call me.
I'm not currently looking at one of the centrally managed firewall
solutions, primarily for cost reasons - I'm doing this outside of the
central IT budget for a subset of users specific to my facility. I
haven't seen any particular studies on this issue, and testing all the
various products out there isn't in my immediate time scope.
My criteria/situation is as follows:
-Environment: Mixed Win2k SP4/WinXP SP1 laptops. Varied hardware.
~20-30 or so.
-Budget: $50 a head or so, lower preferable, but variance is allowed.
-Desired features: Importable rulesets, local logging, user-friendly
(as they *will* end up making it ask about some traffic)
-Compatibility: Cisco VPN Client, Novell, Internal web apps, i.e.
nothing too extreme except for possibly the Cisco client
-Timeframe: Trying to get this purchased before 2005
I've looked into ZoneAlarm and Checkpoint Integrity, but Zone Labs is
elusive in which product they will license to business customers, and
at what price, so I'm unsure even of what product to test. Checkpoint
seems a little pricey for the simplified solution I'm going for -
however unlike ZoneAlarm and Tiny, I haven't played with it to be
sure. My experience with Tiny has been anything but user-friendly, a
key concern. I also haven't used recent versions, so I don't know if
it's improved. Kerio I haven't used, and I'm unsure of other
client-based unmanaged firewalls to check out.
Thank you for any help you can provide,
secure dot computing at gmail d0t com