Firewall Wizards mailing list archives

Re: Firewalls Compared

From: Dave Piscitello <yodave () hargray com>
Date: Mon, 21 Jun 2004 16:02:00 -0400

Paul, good list (I'd love to have your permission to publish it atLOOP.interop.com, with your attribution, of course). I would add:


11. What methods does the firewall provide to assist me in
asserting my security policy is enforced: specifically, are
the log entries generated sufficiently detailed?
12. Perhaps included in your thinking regarding upgrade path,
but authentication rather than performance-focused: does the
firewall support all present and projected auth methods; if
PKI, who's certs?

I'd also add related checks if you intend to use
an IPsec VPN for remote access
- origin of client SW (who wrote it),
- availability of non-Windows clients (if appropriate),
- reliability/track record of client SW vis-a-vis install across
  different Win OS and hardware
- suitability of client for use with other firewalls (if multi-
  organizational collaborative/B2B/B2C is something you must satisfy)
- client policy administration/enforcement method
I know this goes beyond "just a firewall" so if O/T ignore.


At 11:47 AM 6/21/2004 -0400, Paul D. Robertson wrote:

1.  How well do the boxes implement my proposed security policy.
2.  Do they pass testing for implementing my security policy.
3.  How do the boxes perform implementing my security policy[1.]
4.  What is my upgrade path should my performance requirements change?
5.  How well can the devices be administered by multiple levels of
    people if my security policy defines and requires such.
6.  Historically, how well has the vendor done.
7.  What does it take to make them fall over.  If you can't make them fall
    over, you're not testing hard enough.
8.  How intuitive is my security policy when added to the systems.
9.  Failover/backup issues (test both.).
10.  License issues (how do they handle license failure, and how long
does it take to recover.)



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Firewalls Compared kashif (Jun 21)
- Re: Firewalls Compared Paul D. Robertson (Jun 21)
  - Re: Firewalls Compared Gwendolynn ferch Elydyr (Jun 21)
  - Re: Firewalls Compared Dave Piscitello (Jun 21)
    - Re: Firewalls Compared Ryan M. Ferris (Jun 22)
    - Re: Firewalls Compared Paul D. Robertson (Jun 22)
    - Re: Firewalls Compared Devdas Bhagat (Jun 22)
    - Re: Firewalls Compared Paul D. Robertson (Jun 22)
    - Re: Firewalls Compared Devdas Bhagat (Jun 22)
    - Re: Firewalls Compared Paul D. Robertson (Jun 23)
    - RE: Firewalls Compared Laura Taylor (Jun 26)
    - Re: Firewalls Compared ArkanoiD (Jun 28)
    - RE: Firewalls Compared Laura Taylor (Jun 28)
    - Re: Firewalls Compared Marcus J. Ranum (Jun 28)

(Thread continues...)