WebApp Sec mailing list archives
Re: web appliaction security products (AKA application firewalls)
From: Skip Carter <skip () taygeta com>
Date: Fri, 22 Nov 2002 09:13:08 -0800
What is the group experience with these type of devices? Any good, bad or horror stories about using/maintaining them? Any specific recommendations?
We use them for our smaller clients with pure Internet client (i.e. no Internet servers on the LAN) networks. For such simple networks they aren't too bad and they are very easy to set up. They can also handle server NATting but we rarely use them once a network starts providing Internet server functions. If you have a complicated network with things like multiple segments, or subnetting, they can become awkward or impractical to use. Things to watch out for: -- if VPN is a requirement, make sure you actually get it running and test it. Sometimes its not so easy, or the device is actually just "VPN capable" -- be careful of the licensing, some devices have a per system license structure. -- many have a limited number of firewall rules that can be set up, be sure that you can actually implement the policy you want on the device that you are considering. -- if its a plug-and-play firewall, turn that feature off or pick another device! We have found that many companies that make these devices will provide evaluation units to network security companiies so that you can try them out before recommending them to a client. -- Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647 Taygeta Scientific Inc. INTERNET: skip () taygeta com 1340 Munras Ave., Suite 314 WWW: http://www.taygeta.com Monterey, CA. 93940
Current thread:
- web appliaction security products (AKA application firewalls) Shimon Silberschlag (Nov 22)
- Re: web appliaction security products (AKA application firewalls) Skip Carter (Nov 23)
- Re: web appliaction security products (AKA application firewalls) Kevin Spett (Nov 23)
- RE: web appliaction security products (AKA application firewalls) Fernando Martins (Nov 24)
- Re: web appliaction security products (AKA application firewalls) Jason Childers (Nov 24)
- Re: web appliaction security products (AKA application firewalls) Bennett Todd (Nov 25)
- <Possible follow-ups>
- RE: web appliaction security products (AKA application firewalls) Lars Troen (Nov 24)
- Re: web appliaction security products (AKA application firewalls) Dave Aitel (Nov 24)
- Re: web appliaction security products (AKA application firewalls) securityarchitect (Nov 24)
- Re: web appliaction security products (AKA application firewalls) Dave Aitel (Nov 24)