--===============1554704679==
Content-Type: multipart/alternative; boundary="0-1435864274-1169152009=:35416"
Content-Transfer-Encoding: 8bit

--0-1435864274-1169152009=:35416
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Cisco safe docuements is a good guide in my oppinion as to how to protect different size networks, and networks with different services. ( btw: I don't work for Cisco )
http://www.cisco.com/en/US/netsol/ns...s_package.html


AMuse wrote:

> How many companies have two serial firewalls from different vendors?
>



> How many companies have an IPS/deep-packet-inspection device between the
> firewall and the border router?
>
> How many companies still use IDS?
>
> How many companies have some form of deep packet inspection device in
> front of their DMZ web servers? What do they use?



My guess to all four questions above would be "Few small companies, some
medium sized companies, many large companies and very many government
agencies".

>
> It seems like the added complexity and multiple devices will increase
> management costs and may actually decrease security and reliability.
> Our current design may be rather simple but in over 12 years we have had
> less than a couple of hours of down time and have not had a detected
> breakin to our internal network.


In general, I believe all added complexity increases management costs
and, if poorly managed, may decrease security and reliability. The
question is what is your budget, what's the trade-offs between security
and availability, and what is the data worth to you compared to the above?

Incidentally, not having a detected break-in to the internal network is
not a great yardstick for how good your security is. For instance, a
small company with no analysts might have a dozen attackers rootkitting
them and not know it.


>
> I would appreciate any comments.
>
> Thank you,
>
> Dave Kaas
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards



---------------------------------
Everyone is raving about the all-new Yahoo! Mail beta.
--0-1435864274-1169152009=:35416
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Cisco safe docuements is a good guide in my oppinion as to how to protect different size networks, and networks with different services. ( btw: I don't work for Cisco )


AMuse <amuse@foofus.com> wrote:

> How many companies have two serial firewalls from different vendors?
>


> How many companies have an IPS/deep-packet-inspection device between the
> firewall and the border router?
>
> How many companies still use IDS?
>
> How many companies have some form of deep packet inspection device in
> front of their DMZ web servers? What do they
use?


My guess to all four questions above would be "Few small companies, some
medium sized companies, many large companies and very many government
agencies".

>
> It seems like the added complexity and multiple devices will increase
> management costs and may actually decrease security and reliability.
> Our current design may be rather simple but in over 12 years we have had
> less than a couple of hours of down time and have not had a detected
> breakin to our internal network.

In general, I believe all added complexity increases management costs
and, if poorly managed, may decrease security and reliability. The
question is what is your budget, what's the trade-offs between security
and availability, and what is the data worth to you compared to the above?

Incidentally, not having a detected break-in to the internal network is
not a great yardstick for how good your security is. For
instance, a
small company with no analysts might have a dozen attackers rootkitting
them and not know it.


>
> I would appreciate any comments.
>
> Thank you,
>
> Dave Kaas
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards




Everyone is raving about the all-new Yahoo! Mail beta.
--0-1435864274-1169152009=:35416--

--===============1554704679==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards

--===============1554704679==--