Firewall Wizards mailing list archives
Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
From: Chris Blask <chris () blask org>
Date: Thu, 25 May 2006 15:42:07 -0400
At 12:11 PM 24/05/2006, Robert A Beken wrote:
I have a question for the group about this new trend of using a single firewall for all IDS and Firewall related tasks in an integrated box for enterprise organizations (not SOHO). I personally think it's a bad idea and lacks flexibility in configuration and "defense in depth" posture towards security. What are other people's thoughts?
Hey Robert!

In the end, embedding security functionality into the network is inevitable and necessary. As has been said eloquently by others on the thread, the real question is "at what point is it a good idea to integrate Security Function X with Function Y?". This depends on detail of the discrete application and the vendor offerings at that time.

In short: we've crossed over the boundary wherein it was always best to separate security activities from each other as well as non-security functions, but we have not yet reached the state where integrated functionality is typically an obvious winner.

You need to weigh the specific bits of desired functionality for different applications on your network to determine whether a dedicated or hybrid solution is correct. You need to do this in the primary context of the amount of resources available to you (and if that is an infinite amount, you don't need our help... ;~).

IMO, the current PIX ("ASA" my fanny) is pretty good and the ISR idea (one sheetmetal box with multiple purpose-built hardware modules) is a solid concept showing some early positive applications.

With those thoughts in mind, I suggest looking at the management infrastructure as the biggest single gain in security for resources spent. None of this stuff makes much difference in the end if you can't see what it's doing.

-cheers!

-chris

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards