Firewall @ remote location

David Kennedy CISSP david.kennedy at
Tue Nov 2 17:42:12 EST 1999


At 07:17 PM 10/26/1999 -0400, Danilo Dessi wrote:
> I am planning a "VPN" to connect a bank's head office with a small
> rep. office.  My question regards firewalls.  Since there will only be
> one computer at the rep office it is very hard to justify a firewall
> which can cost more than the computer.

I suggest you flip your question around...what's it worth to the bank
to avoid having something bad happen via this system?  

The responses so far come in just a couple flavors, use a client to
your corporate firewall (OBVPN) and use something cheap but of unknown
effectiveness.  I'll make some generalizations:  it's a U$1,500 PC,
with another U$500 worth of software, running on a comm line that cost
U$600 a year, operated by an employee who makes U$ thousands? in
salary annually, it's processing information worth U$thousands? to the
bank and protecting that will either be a U$50-U$100 software program
of unknown assurance or
> Most DSL routers have a firewall feature set. On Flowpoints it's only
> $200 (quite a horrible firewall implementation actually), which should
> do the job.


Does the bank really want a "horrible" firewall implementation (see
Bugtraq in both April and August of this year) just because it is
included in the cost of the connection?

Or would the bank prefer a firewall client that costs U$hundreds or a
more robust firewall appliance like PIX or Office Cable Modem or
GNATbox?  I'm not suggesting you spend as much as you possibly can
getting the biggest, prettiest, most feature-full box available with
its own maintenance contract, a month of training for the new admin,
and oh yeah, hire a full-time firewall admin for that one PC.  I'm
trying to suggest comparing the value of the IT to the bank and pick a
more reasonable, even if more expensive, and robust solution.

How much does the bank spend on the physical security of that
branch to avoid having something bad happen?
