Re: CRIME Checkpoint versus Sonicwall

From: Crispin Cowan (crispin@private)
Date: Tue Aug 27 2002 - 22:24:21 PDT

  • Next message: Eric Kornberg: "RE: CRIME Checkpoint versus Sonicwall"

    Andrew Plato wrote:
    
    >Thus, a decision matrix for these products might be: 
    >
    >If money is an issue: Stick with SonicWall, WatchGuard, or an open source firewall like IP filters in BSD. 
    >
    >If you have money, need scalability, and want something popular: CheckPoint or PIX.
    >
    >If you have money, and are speed obsessed: Netscreen. 
    >
    Money, scalability, speed: very nice. Uh, what about security? The 
    Symantec product is a "hybrid" firewall (i.e. uses proxies) while the 
    others are packet filters. IMHO, that adds security value.
    
    >I prefer full-intrusion detection capabilities out at the end-points. That way if the remote box gets hacked off-line or something comes down from corporate through the tunnel, the IDS (operating independent of the VPN software) can still pick it up and report it.
    >
    That is also a role for secure operating systems (our products). IDS 
    just tell you that you've just been had, and you're about to have a bad 
    weekend :)
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX                      http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    



    This archive was generated by hypermail 2b30 : Wed Aug 28 2002 - 00:39:23 PDT