Andrew Plato wrote: >Thus, a decision matrix for these products might be: > >If money is an issue: Stick with SonicWall, WatchGuard, or an open source firewall like IP filters in BSD. > >If you have money, need scalability, and want something popular: CheckPoint or PIX. > >If you have money, and are speed obsessed: Netscreen. > Money, scalability, speed: very nice. Uh, what about security? The Symantec product is a "hybrid" firewall (i.e. uses proxies) while the others are packet filters. IMHO, that adds security value. >I prefer full-intrusion detection capabilities out at the end-points. That way if the remote box gets hacked off-line or something comes down from corporate through the tunnel, the IDS (operating independent of the VPN software) can still pick it up and report it. > That is also a role for secure operating systems (our products). IDS just tell you that you've just been had, and you're about to have a bad weekend :) Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX http://wirex.com/~crispin/ Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Wed Aug 28 2002 - 00:39:23 PDT