Security Basics mailing list archives
Re: all-in-one vs one-on-each (feat. Comercial vs FOSS)
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Sat, 24 May 2008 17:38:12 +0200
On 2008-05-24 Alex wrote:
I would like some opinions, again. For a fixed budget would you go for * an all-in-one "Firewall" ( FW+IPS+VPN+...) ie. Checkpoint, * a dedicated, known and expensive firewall/gateway with the company of an Open Source solution for IPS, URL filtering etc? * a full Open Source solution (iptables,snort,ossec,squid etc) and spend the money elsewhere :) The things that concern me are, Redundancy. I can live without IPS for a while but not without Internet ( and by "I" I mean "The Company") Scalability. Not only performance-wise but cost-wise too. I think that having to pay for every "extra feature" is going to lead to Open Source anyway... Complexity. Better to manage one than more, right?...
The answer to your question depends heavily on the actual requirements, your network topology, your admins' expertise, and what kind of "fixed budget" you have. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- all-in-one vs one-on-each (feat. Comercial vs FOSS) Alex (May 24)
- Re: all-in-one vs one-on-each (feat. Comercial vs FOSS) Ansgar -59cobalt- Wiechers (May 24)
- Re: all-in-one vs one-on-each (feat. Comercial vs FOSS) korozion (May 24)
- Re: all-in-one vs one-on-each (feat. Comercial vs FOSS) Alex (May 25)
- Re: all-in-one vs one-on-each (feat. Comercial vs FOSS) Mike Hale (May 26)
- Re: all-in-one vs one-on-each (feat. Comercial vs FOSS) John Jasen (May 28)
- Re: all-in-one vs one-on-each (feat. Comercial vs FOSS) Ansgar -59cobalt- Wiechers (May 24)