Firewall @ remote location

David Kennedy CISSP david.kennedy at acm.org
Tue Nov 2 17:42:12 EST 1999


At 07:17 PM 10/26/1999 -0400, Danilo Dessi wrote: 
>>>>
I am planning a "VPN" to connect a bank's head office with a small
rep. office.  My question regards firewalls.  Since there will only be
one computer at the rep office it is very hard to justify a firewall
which can cost more than the computer.  
<<<<

I suggest you flip your question around...what's it worth to the bank
to avoid having something bad happen via this system?  

The responses so far come in just a couple flavors, use a client to
your corporate firewall (OBVPN) and use something cheap but of unknown
effectiveness.  I'll make some generalizations:  it's a U$1,500 PC,
with another U$500 worth of software, running on a comm line that cost
U$600 a year, operated by an employee who makes U$ thousands? in
salary annually, it's processing information worth U$thousands? to the
bank and protecting that will either be a U$50-U$100 software program
of unknown assurance or
>>>>
Most DSL routers have a firewall feature set. On Flowpoints it's only
about $200 (quite a horrible firewall implementation actually), which
should do the job.

<<<<

Does the bank really want a "horrible" firewall implementation (see
Bugtraq in both April and August of this year) just because it is
included in the cost of the connection?

Or would the bank prefer a firewall client that costs U$hundreds or a
more robust firewall appliance like PIX or Office Cable Modem or
GNATbox?  I'm not suggesting you spend as much as you possibly can
getting the biggest, prettiest, most featureful box available with
its own maintenance contract, a month of training for the new admin,
and oh yeah, hire a full-time firewall admin for that one PC.  I'm
trying to suggest comparing the value of the IT to the bank and picking
a more reasonable, even if more expensive, and robust solution.

How much does the bank spend on the physical security of that
branch to avoid having something bad happen?

