This is topic Technical Conversation- Security devices in forum Books, Films, Food and Culture at Hatrack River Forum.


To visit this topic, use this URL:
http://www.hatrack.com/ubb/main/ultimatebb.php?ubb=get_topic;f=2;t=019089

Posted by Scott R (Member # 567) on :
 
In my normal, everyday worklife, I am a security engineer for a Managed Services firm.

I have a lot of experience with managing Checkpoint Firewalls, a little bit of experience with PIX and Netscreen, and fractional experience with proxy firewalls like Sidewinder.

My question is this-- which trend is the information security industry following? Stateful inspection, or proxy? (I think that the packet filtering route is pretty much obsolete by now. . .)

Also, which of the many firewall devices/applications/software do you prefer and why?

At the moment, I prefer PIX. There is some noise that it really wasn't designed for central management of multiple firewalls, but that's all it is-- noise. I like how easy it is to compile access lists, the way changes take effect immediately. . . and Cisco prices it very well.

On my bad, evil and wicked list is Checkpoint. Checkpoint is so buggy, they've got a contract with Orkin to come out to Israel every month and spray their development center. Never mind the fact that it is literally IMPOSSIBLE to keep up your Checkpoint certification-- the moment you feel like you understand all the changes they made from the last iteration, Checkpoint issues a new batch of software, and refuses to support the old stuff any longer.

I've got a sinking feeling this topic's going to migrate to page 2 very, very quickly. . .
 
Posted by Robespierre (Member # 5779) on :
 
Nothing to do with security, but...

Okay, I have a few domain names, and I am currently paying someone to host them for me. I have SBC DSL. I know how to set up Apache and have several spare machines to run these sites from, but I have a DHCP from SBC. Of course I need a static IP for the DNS to work. Is there any way around this? My connection is going through a Netgear wireless router. It looks like my IP resets every hour or so, even though I am not requesting a new one. When I asked SBC about getting a static IP, they said "SURE! It's going to be twice as much per month!" I will pay for the static IP if I have to, but would like to find a way around it.
 
Posted by fugu13 (Member # 2859) on :
 
I think, unfortunately, whatever they can eke out of their budget describes a lot of IT security.

A lot of places are still using basic packet filtering tech simply because they already have it and they can afford it.

A lot of universities are making the move towards stateful inspection (WashU recently purchased a Packeteer), because certain kinds of traffic eat up their bandwidth (*whistles innocently*).

Security breach detection systems like Snort are becoming more useful nowadays as well, I think, though they're encountering a lot of resistance because of the steep learning curve to configure them well, otherwise they're more trouble than they're worth.
 
Posted by fugu13 (Member # 2859) on :
 
That fast a reset is highly unusual. It only occurs when you reconnect. Your router has got to be set to reconnect too often. Check the settings.

Once you get a more stable IP, get yourself off to dyndns.org and sign up for their free forwarding service.

I do tech support for SBC DSL; unless you pay more you're not getting anything better than that. Of course, unless you pay more you're not getting a fast enough upload to make hosting a site worthwhile anyways (128kbps, or a little over twice dialup, doesn't exactly allow a lot of people to visit at once).
 
Posted by TomDavidson (Member # 124) on :
 
My only experiences have been with PIX and Checkpoint, myself, Scott, so I'm afraid I can't give you any new perspectives. [Frown]

------

"I will pay for the static IP if I have to, but would like to find a way around it."

Do a web search for "Dynamic DNS hosting." Here's one site that does this: http://www.no-ip.com/
 
Posted by Dan_raven (Member # 3383) on :
 
***************GEEK THREAD WARNING***************
 
Posted by Scott R (Member # 567) on :
 
I think that was implied in the thread's topic, Dan. . .

[Big Grin]
 
Posted by Scott R (Member # 567) on :
 
Tom-- have your experiences with those two been similar to mine?

I.E: unmitigated frustration with Checkpoint, and relief with PIX?
 
Posted by Robespierre (Member # 5779) on :
 
Fugu and Tom, thanks for the advice. I have something to do this weekend now.
 


Copyright © 2008 Hatrack River Enterprises Inc. All rights reserved.
Reproduction in whole or in part without permission is prohibited.

