Firewall Wizards mailing list archives

Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
From: Devdas Bhagat <dvb () users sourceforge net>
Date: Mon, 29 May 2006 03:53:18 +0530

On 28/05/06 09:52 -0400, Marcus J. Ranum wrote:
Devdas Bhagat wrote:
Only the Sith deal in absolutes.

OK, so we need to come up with a good "sith name" for me. :)

Darth Sidious, Darth Marcus...

This notion that security is a matter of degree is accurate in the large
but inaccurate in the small. Unfortunately, we're all dealing with the

Not necessarily. This thread is dealing with the options in combining
components. Should we go with a large application in a box, a box with
multiple smaller applications put together by the vendor, or do we go
with multiple boxes, each doing one thing well?

While most of us would automatically say the third, the first offers
features and possible ease of management while the second offers ease of
management and the possibility that everything will work correctly with
minimum hassle.

The original question was about using the first or second option instead
of the third. What we have no clue about is what resources are being
defended, what the value of those resources is, what the time of the
management team for the firewalls costs, what resources are already

The answer is 42.

While the answers on this may say "Industry leaders say that we should
use multiple boxes", it does nothing to help answer the question of
actual suitability of the system(s) in question to deliver a desired
level of security.

Devdas Bhagat
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com