Security Basics mailing list archives

Re: Firewall Basics


From: Miles Stevenson <miles () mstevenson org>
Date: Thu, 22 Jul 2004 14:30:53 -0400

On Wednesday 21 July 2004 11:18 am, Jennifer Fountain wrote:
> I am designing a "service" network that is separate from our
> "production" network.  Our web sites, email server, etc. will be
> utilizing this network; whereas, internet traffic and VPN traffic will
> utilize the other.  My question is in regards to firewalls.  Currently,
> I am using a PIX for my production network.  From what I have been
> hearing, it is recommended to use two different firewall vendors in this
> situation.  Is this a general consensus with all of you?  Or do you
> think having another PIX would be ok?  Thanks for any info!


My advice is pretty much in line with everyone else's: stick with what you
know best. While in theory you can gain security by using diverse firewall
platforms, the gains are probably minimal compared to other security
practices. To put it another way, ask yourself "Is the rest of the security 
throughout my network really so good that using two different kinds of 
firewalls would be a good use of my time?"

Spend those resources on better log analysis, integrity checking, network 
intrusion detection, incident response preparation, etc, etc. You will gain a 
lot more using those resources elsewhere. =)


-- 
Miles Stevenson
miles () mstevenson org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63
