Home page logo

nanog logo nanog mailing list archives

Re: Internet Edge and Defense in Depth
From: JAMES MCMURRY <jim () miltonsecurity com>
Date: Tue, 6 Dec 2011 13:32:04 -0800

I have seen at quite a few of our customers locations, starting out with a lofty goal of putting everything in a single 
box (UTM) and turning every single option on.

In ~ 30% of the firms who do so it works out ok (not great, but it works).  In the majority, the customer winds up 
turning features off one by one, and moving those to another system.


On Dec 6, 2011, at 1:25 PM, -Hammer- wrote:

I personally have not seen it done in large environments. Hardware isn't there yet. I've seen it done in small 
business environments. Not a fan of the idea.


"I was a normal American nerd"
-Jack Herer

On 12/06/2011 03:16 PM, Holmes,David A wrote:
Some firewall vendors are proposing to collapse all Internet edge functions into a single device (border router, 
firewall, IPS, caching engine, proxy, etc.). A general Internet edge design principle has been the "defense in 
depth" concept. Is anyone collapsing all Internet edge functions into one device?



This communication, together with any attachments or embedded links, is for the sole use of the intended 
recipient(s) and may contain information that is confidential or legally protected. If you are not the intended 
recipient, you are hereby notified that any review, disclosure, copying, dissemination, distribution or use of this 
communication is strictly prohibited. If you have received this communication in error, please notify the sender 
immediately by return e-mail message and delete the original and all copies of the communication, along with any 
attachments or embedded links, from your system.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]