RE: Centralized firewall management and log analysis tools

["Mikhail A. Utin" <mutin () commonwealthcare org>]

Andy: ". It's extremely resource-hungry, and trying to get sensible logs out of it when something doesn't work (as 
happens often in my experience) is not easy."
It looks like my opinion about CP more than ten years back (1996 - 2001) when I used it. Nothing changed so far ...

Mikhail Utin, CISSP
Information Security Analyst



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Andy Smith
Sent: Thursday, May 03, 2012 5:04 PM
To: security-basics () securityfocus com
Subject: Re: Centralized firewall management and log analysis tools

On Thu, May 3, 2012 at 7:12 PM, john dow <guest01 () gmail com> wrote:
> If money is not a concern, I would recommend Check Point. We have 
> quite a big Check Point deployment as well as Juniper Firewalls, 
> Phion/Baracuda Firewalls and some Cisco Firewalls (ASA, PIX). Check 
> Point has by far the best tools for managing a centralized deployment.
> Even their IPS-blade is much better now that I has been before. For 
> log analysis you could use Check Point Eventia Reporter and with 
> Tufin, you can do much more, e.g. track changes, compliance, ...
> I am not a Check Point guy and I regularly complain about Check Point 
> myself, but it is definitely the best package I have experienced yet.

Although Check Point do have some good products from an endpoint point of view, I manage a number of Provider-1 
installations and I can't say I'm particularly impressed with it. It's extremely resource-hungry, and trying to get 
sensible logs out of it when something doesn't work (as happens often in my experience) is not easy.

My 2p worth.

Andy.
------------------------------------------------------------------------

CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential 
and privileged information for the use of the designated recipients named above. If you are 
not the intended recipient, you are hereby notified that you have received this communication 
in error and that any review, disclosure, dissemination, distribution or copying of it or its 
contents is prohibited. If you have received this communication in error, please reply to the 
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication 
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy, 
please visit our Internet web site at http://www.commonwealthcare.org.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------