Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
From: George Capehart <capegeo () opengroup org>
Date: Thu, 25 May 2006 19:44:09 -0400

Robert A Beken wrote:
I have a question for the group about this new trend of using a single 
firewall for all IDS and Firewall related tasks in an integrated box for 
enterprise organizations (not SOHO).  I personally think it's a bad idea 
and lacks flexibility in configuration and  "defense in depth" posture 
towards security.  What are other people's thoughts?

IMHO, single points of failure are /*NEVER*/ appropriate.  In the part
of the world from which I come, we even use firewalls from two different
vendors on the internet-facing side and the internal-facing sides of a
DMZ.  On my home network I run two different firewalls, have two
different AV packages on each machine, HIDS and firewalls on each
machine, two different anti-adware and two different anti-spyware
packages on each of the Windoze boxes.  No single vendor can ever cover
all the bases of any one "anti-", much less do it all . . .  The idea of
using "an integrated solution" runs counter to everything we've been
doing in the "defense in depth" space . . .



firewall-wizards mailing list
firewall-wizards () listserv icsalabs com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]