Firewall @ remote location

Thu Nov 4 08:58:26 EST 1999

David,

    I agree that selecting a security based upon price is not  reasonable.
The Money issued should be from a savings point of view.  If the bank installs
a less then adequate solution they are wasting money.  If on the other hand
they institute an effective policy based security system with intrusion
detection they will realize significant savings.  This can be done either on
sight, but this is where cost savings comes in.  To hire, train and maintain a
security person is extremely costly.  Replacing that person when they quit to
go to a better paying job will be even more costly.  Utilizing a company that
provides managed security services can give you the security that the bank
needs at a cost significantly less then doing it all themselves.  A Check
Point based solution with their Real Secure intrusion detection product would
be a perfect solution at a reasonable price.

Kevin Fannon
Technical Consultant
Innovative Technology

David Kennedy CISSP wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> At 07:17 PM 10/26/1999 -0400, Danilo Dessi wrote:
> >>>>
> I am planning a "VPN" to connect a bank's head office with a small
> rep. office.  My question regards firewalls.  Since there will only be
> one computer at the rep office it is very hard to justify a firewall
> which can cost more than the computer.
> <<<<
>
> I suggest you flip your question around...what's it worth to the bank
> to avoid having something bad happen via this system?
>
> The responses so far come in just a couple flavors, use a client to
> your corporate firewall (OBVPN) and use something cheap but of unknown
> effectiveness.  I'll make some generalizations:  it's a U$1,500 PC,
> with another U$500 worth of software, running on a comm line that cost
> U$600 a year, operated by an employee who makes U$ thousands? in
> salary annually, it's processing information worth U$thousands? to the
> bank and protecting that will either be a U$50-U$100 software program
> of unknown assurance or
> >>>>
> Most DSL routers have a firewall feature set. On Flowpoints its only
> about
> $200 (quite a horrible firewall implementation actually), which should
> do
> the job.
>
> <<<<
>
> Does the bank really want a "horrible" firewall implementation (see
> Bugtraq in both April and August of this year) just because it
> included in the cost of the connection?
>
> Or would the bank prefer a firewall client that costs U$hundreds or a
> more robust firewall appliance like PIX or Office Cable Modem or
> GNATbox?  I'm not suggesting you spend as much as you possibly can
> getting the biggest, prettiest, most featurefull box available with
> it's own maintenance contract, a month of training for the new admin,
> and oh yeah, hire a full-time firewall admin for that one PC.  I'm
> trying to suggest comparing the value of the IT to the bank and pick a
> more reasonable, even if more expensive, and robust solution.
>
> How much does the bank spend on the physical security of the that
> branch to avoid having something bad happen?
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Personal Privacy 6.0.2
> Comment: How long has it been since you backed up your HD?
>
> iQCVAwUBOB9ow/GfiIQsciJtAQGTlQP+LXWirSgEBIc22bb/REn+uSjtN65FgP8c
> kCI2r+9+saHbgGxifazyupAEy6nM4hwoqnHpY4LQrSW7ExzcFAlhWEIBSzZyzIW2
> BxyFVtnafd2PvxrcwfeW2gErEHLBswuiZN6AL5TsDdvqOa9eqsmdrGquzqM6itXV
> 9AwSfmCJOdE=
> =W0Up
> -----END PGP SIGNATURE-----
>
> ****************************************************************
> TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com
>
> The VPN FAQ (under construction) is available at
> http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html
>
> We are currently experiencing "unsubscribe" difficulties.  If you
> wish to unsubscribe, please send a message containing the single line
> "unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com
>
> ****************************************************************
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kfannon.vcf
Type: text/x-vcard
Size: 387 bytes
Desc: Card for Kevin Fannon
Url : http://lists.shmoo.com/pipermail/vpn/attachments/19991104/b77db645/attachment.vcf 