Firewall Wizards mailing list archives
Re: Another Newbie with questions
From: "Bill Pennington" <bpennington () lucidnetworks com>
Date: Wed, 11 Aug 1999 07:57:51 -0700
First off, good choice on the Pix, I love these boxes. The can be difficult to configure if you are not familiar with IOS but if you are not going to let any traffic through the firewall, they are pretty easy. A couple of points: 1. Avoid the use of the established command like the plague. It is evil. 2. The Pix works best with NAT. Network Address Translation. This is where you have private network address inside (10.*, 192.168.*) and the Pix translates them into "Real" addresses. If you are going to be using a Pix you should get up to speed on this technology. (At least Cisco's version) 3. I recommend most of my clients get Webtrends for Firewalls and VPNs. This product will collect the Pix log files (via syslog) then you can run all kinds of reports on the data. Very good product. If they only made a linux version:-(. You can check it out an download a demo at www.webtrends.com. Good Luck! Bill Pennington Consultant Lucid Networks -----Original Message----- From: Michael Kelley <michaelkelley () home com> To: firewall-wizards () nfr net <firewall-wizards () nfr net> Date: Tuesday, August 10, 1999 11:20 PM Subject: Another Newbie with questions
Greetings, My company is going to have to open a internet connection soon in order to do business with a client. The decision has been made to use a PIX <sp?> firewall. I'm told these are some fairly stout devices and darned near impenetrable. It's looking more and more like I will be the guy doing the maintainance of the Firewall/Security setup for our company . I don't have much experience, but I'm told that I am the most paranoid person in my department. <heh> I'm looking for is personal opinions regarding this device. I understand it has logging capabilities and is configurable (I'm told it's a bitch to configure). I've been doing my best to get up to speed on the subject of network security. I've been reading "Firewalls and Internet Security" by Cheswick and Bellovin, and "Hacker Proof" by Klander and Renehan. I think I'm beginning to get a glimmer of understanding about the issues I will have to deal with. I'm trying to learn as much as possible so that when I examine log files, I can understand what I'm looking at. I'd also like to know if there are things I should do to help shore up any weaknesses in this type firewall if any. I've already started putting the bug in the ears of the deciding authorities at the office about restricting internet access to only the places we have to go. Since word got out that we will be getting access, the "Gods' Must Be Crazy" syndrome(#1) has hit the office and suddenly, everyone thinks they have a reason to have access to the Internet. I'm making a big deal out of describing how an unwitting user can bring down a virus by grabbing the latest whack-a-mole game. (We use Inoculan, so I'm not really that worried about viri on the network.) I am of the opinion that if we begin with a drastic, "don't you dare go to Persian Kitty", style of internet policy, it will be somewhat easier to maintain productivity and reduce risks to the network. #1- The Gods' Must Be Crazy Syndrome: Based on a movie of the same name. When a remote tribe of people recieve an empty Coca Cola bottle dropped from a plane flying overhead, they don't know what to do with it. They've never seen one before. But soon, the tribe begins fighting amongst themselves because all of a sudden, _everyone_ needs to use it. The same can be said for Internet access in a company that never had it before.
Current thread:
- Another Newbie with questions Michael Kelley (Aug 10)
- Re: Another Newbie with questions Woody Weaver (Aug 11)
- Re: Another Newbie with questions Paul Alukal (Aug 11)
- Re: Another Newbie with questions Rick Smith (Aug 12)
- <Possible follow-ups>
- RE: Another Newbie with questions Houser David DW (Aug 11)
- Re: Another Newbie with questions Michael Kelley (Aug 11)
- Re: Another Newbie with questions Bill Pennington (Aug 11)
- Re: Another Newbie with questions Chris Boscolo (Aug 12)
- Re: Another Newbie with questions Bill Pennington (Aug 13)
- Re: Another Newbie with questions Michael Kelley (Aug 13)
- Re: Another Newbie with questions Joseph S D Yao (Aug 13)
- Re: Another Newbie with questions Chris Boscolo (Aug 12)
- RE: Another Newbie with questions sean . kelly (Aug 13)