This is a cryptographically signed message in MIME format.

--===============0163833365==
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=sha1; boundary="------------ms030107020604040405020404"

--------------ms030107020604040405020404
Content-Type: multipart/mixed; boundary="------------070402080404060408040203"

This is a multi-part message in MIME format.
--------------070402080404060408040203
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Kaas, David D wrote:
>
> How many companies have two serial firewalls from different vendors?


Depends on size of organization or location, and exactly what purpose
the firewalls serve in serial. I assume you are talking about
choke-and-screen arrangements and Internet firewalls?

Generally,
- Few/no small biz, small office have 2 of anything. Terminating
broadband on a PPPoE capable firewall is what I recommend and I tell
them to eBay the telco's router.
- Medium businesses that have large enterprise assets may have this
arrangement. Here, I see more routers in the screen role and commercial
firewall appliances in the choke role. The router is often as not Cisco
and the firewall is often Netscreen/SonicWall/Watchguard.
- Large enterprises I've worked with are either Cisco shops or Cisco
plus CheckPoint. Again, router with PIX is a "better screen" and
Checkpoint is a choke and (ugh) integrated threat enforcement point.

Of course, if you are speaking to application level security, then I see
(and recommend) more best of breed than "buy the UTM device and deploy
it in serial, turning on the security measures where you think they are
appropriately deployed".

> How many companies have an IPS/deep-packet-inspection device between the
> firewall and the border router?


I honestly don't see a lot of this and unless there's a specific DOS
prevention issue, I don't see a lot of point in policing traffic that I
expect my firewall to block.

> How many companies still use IDS?


Depends on your use of the word "use" - lots still have IDS and IPS
connected to networks. I suspect fewer meaningfully improve their
security profile because they have dummied them down, or don't use what
they monitor. I'm among the "A properly configured and administered
firewall is often as good or better than IDS because it *is* IPS" radicals.


> How many companies have some form of deep packet inspection device in
> front of their DMZ web servers? What do they use?
>
> It seems like the added complexity and multiple devices will increase
> management costs and may actually decrease security and reliability.


Meh. We can argue all month over this. Depends on the available talent.

> Our current design may be rather simple but in over 12 years we have had
> less than a couple of hours of down time and have not had a detected
> breakin to our internal network.


No comment.

> I would appreciate any comments.
>
> Thank you,
>
> Dave Kaas
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards
>


--------------070402080404060408040203
Content-Type: text/x-vcard; charset=utf-8;
name="dave.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="dave.vcf"

begin:vcard
fn:David Piscitello
n:Piscitello;David
adr;dom:;;3 Myrtle Bank Lane;Hilton Head;SC;29926
email;internet:dave@corecom.com
x-mozilla-html:FALSE
url:http://hhi.corecom.com/weblogindex.htm
version:2.1
end:vcard


--------------070402080404060408040203--

--------------ms030107020604040405020404
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

--------------ms030107020604040405020404--

--===============0163833365==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============0163833365==--