Re: all-in-one vs one-on-each (feat. Comercial vs FOSS)

[Alex <alex.tsr () gmail com>]

-----Original Message-----
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
To: security-basics () securityfocus com
Subject: Re: all-in-one vs one-on-each (feat. Comercial vs FOSS)
Date: Sat, 24 May 2008 17:38:12 +0200

On 2008-05-24 Alex wrote:
> I would like some opinions, again.
> For a fixed budget would you go for 
>  * an all-in-one "Firewall" ( FW+IPS+VPN+...) ie. Checkpoint,
>  * a dedicated, known and expensive firewall/gateway with the company of
> an Open Source solution for IPS, URL filtering etc?
>  * a full Open Source solution (iptables,snort,ossec,squid etc) and
> spend the money elsewhere :)
>
> The things that concern me are,
>
> Redundancy. I can live without IPS for a while but not without Internet
> ( and by "I" I mean "The Company")
> Scalability. Not only performance-wise but cost-wise too. I think that
> having to pay for every "extra feature" is going to lead to Open Source
> anyway...
> Complexity. Better to manage one than more, right?...

The answer to your question depends heavily on the actual requirements,
your network topology, your admins' expertise, and what kind of "fixed
budget" you have.

Regards
Ansgar Wiechers


Lets say that,
 the admins expertise is not a concern, 
 the network is a simple one, several internal vLANS and a DMZ with a
dual-ISP internet connection,
 the budget is $10k

To make things clearer I'm not necessarily looking for the cheapest
solution. I want to know where would you put more weight (money). Is it
better to buy a $10k firewall + Snort, a $5k firewall + $5k IPS, a $10k
all-in-one solution.
i.e. would a commercial IPS justify its $5k against Snort?

Thanx again.