Posted on Aug 12, 2015
Firewall for Network Security. . . Do you use it? Host or Network?
13.9K
60
58
4
4
0
Posted >1 y ago
Responses: 15
There are several regulations, edicts, or industry practices that require firewalls between certain types of servers. For the client I develop for at the company I work, there are firewalls between front end, middle wear and database servers. Not to mention there are firewalls separating each client and on the core switch coming into our data-center. For PCI compliance we don't even store credit card information. We've outsourced it to a company that specializes in processing and storing credit card data.
(5)
(0)
GySgt Carl Rumbolo
For business use I tend to favor Checkpoint, at one time I had a Watchguard SOHO device, it was adequate but really didn't meet some of my needs in terms of multiple VPN end points etc - it became an issue around licensing costs. Cisco makes good product, again, licensing can be a cost driver for Cisco (as well as Checkpoint).
I do some level of consulting work on the side for small businesses and for that my go to solution is the Ubiquiti series devices - it's relatively inexpensive, and properly configured very secure - though you really need to know what you are doing. It will meet PCI testing standards, and in addition is fully in line with requirements to meet HIPPA security needs.
I do some level of consulting work on the side for small businesses and for that my go to solution is the Ubiquiti series devices - it's relatively inexpensive, and properly configured very secure - though you really need to know what you are doing. It will meet PCI testing standards, and in addition is fully in line with requirements to meet HIPPA security needs.
(0)
(0)
GySgt Carl Rumbolo
SGT (Join to see) - SSH is not a firewall, so not sure of the relevance. SSH is essentially secure telnet. An access solution.
(0)
(0)
LCpl Arrick Moore
I've used the 4.... Checkpoint, SonicWALL, WatchGuard and Cisco.... I very much prefer the checkpoint, but in order of user configurability and cost of configuration, it would be cheapest to most expensive... watchguard, sonicwall cisco, checkpoint...
(1)
(0)
SGT (Join to see)
LCpl Arrick Moore - Never heard of Checkpoint. You seem to have nothing but great things to say about it, though.
(0)
(0)
(0)
(0)
SGT (Join to see)
SSgt Alex Robinson - Are those suggestions different now? Regardless, can you specify some products to consider?
(0)
(0)
NMCI told me that my network settings are "too paranoid" to work with their laptops. F*** 'em if they can't take a joke!
(2)
(0)
GySgt Carl Rumbolo
Now that is an 'professional' response from an IT person. Seriously, too much security is just as bad as 'too little'. Security controls, including network access controls should be configured to meet the requirements of security while not limiting business processes and functions.
Once you start 'locking' things down for the sake of locking them down, you will quickly find yourself playing whack-a-mole with vulnerabilities as end-users try to work around things. Worse - in a business oriented environment you will quickly alienate your internal customers and find yourself irrelevant and outsourced.
Once you start 'locking' things down for the sake of locking them down, you will quickly find yourself playing whack-a-mole with vulnerabilities as end-users try to work around things. Worse - in a business oriented environment you will quickly alienate your internal customers and find yourself irrelevant and outsourced.
(0)
(0)
Sgt Ken Prescott
I understand, but my network is there to meet my needs, and NMCI was willing to accept risks that I found to be unacceptable. (About a year later, they wound up incorporating my settings because they had been hacked--said hack had been active at the time I had told NMCI that they were taking unacceptable risks for the security of my network. If I had said OK, my family's information would have been compromised.)
(0)
(0)
SGT (Join to see)
Sgt Ken Prescott - They didn't like your higher standard until it proved effective and necessary.
(1)
(0)
Read This Next