When you learned about the various technology products needed to secure an Internet perimeter, what differentiates one product from another in the marketplace? Why would a Cisco firewall be better than a SONICWall firewall, or is it? As you think about these questions, what might be some questions you'd ask a security product vendor when selecting firewalls, routers, and IDSs?
2-Please answer this post like discussion if you agree or disagree, and why? Please explain it. This post is the answer from somebody else about question #1.
When choosing firewall for network implementation, many things can differentiate one firewall from another. Firewalls can be different from each other according to what they offer. These are services that most firewalls offer today:
1.0 Full State Awareness, which has access to the "raw message," and can examine data from all packet layers. In addition, FireWall-1 analyzes state information from previous communications and other applications. The Inspection Module examines IP addresses, port numbers, and any other information required in order to determine whether packets comply with the enterprise security policy. It also stores and updates state and context information in dynamic connections tables.
2.0 Securing "Stateless" Protocols allows the firewall to understand the internal structures of the IP protocol family and applications built on top of them. For stateless protocols such as UDP aand RPC, the Inspection Module extracts data from a packet's application content and stores it in the state connections tables, providing context in cases where the application does not provide it. In addition, it can dynamically allow or disallow connections as necessary. These capabilities provide the highest level of security for complex protocols.
3.0 The Inspect language is based on using a checkpoint language for inspection of packets
4.0 Stateful Inspection: Under the hood to the firewall is able to ensure highest level of security, a firewall must be capable of accessing, analyzing and utilizing the following. The following functions are performed by stateful firewall: Communication Information - information from all seven layers in the packet
Communication-derived State - the state derived from previous communications. For example, the outgoing PORT command of an FTP session could be saved so that an incoming FTP data connection can be verified against it.
Application-derived State - the state information derived from other applications. For example, a previously authenticated user would be allowed access through the firewall for authorized services only.
Information Manipulation - the evaluation of flexible expressions based on all the above factors.
Check Point's Stateful Inspection is able to meet all the security requirements defined above.
Personally when designing network for a small or medium company I will choose Sonicwall over Cisco because of easy to configure that its firewalls offer, and the price that is much cheaper than Cisco's. In the opposite if I have to design a network for large company I will choose Cisco firewall because of the complexity of their system design, also because the name of Cisco which will give them more assurance than Sonicwall will do. The best thing to do is also mix both firewalls in the design since their interoperability is guaranteed.
Firewalls are the very important devices we use these days to secure Internet Perimeter.
Before going into the question we will have a look at the different classifications of firewalls:
There are several classifications of firewalls depending on:
* Whether the communication is being done between a single node and the network, or between two or more networks.
* Whether the communication is intercepted at the network layer, or at the application layer.
* Whether the communication state is being tracked at the firewall or not.
With regard to the scope of filtered communications there exist:
* Personal firewalls, a software application which normally filters traffic entering or leaving a single computer. This filtering may be based on the traffic itself or on the identity of the process which is attempting to listen for or send data.
* Network firewalls, normally running on a dedicated network device or computer positioned on the boundary of two or more networks or DMZs (demilitarized zones). Such a firewall filters all traffic entering or leaving the connected networks.
The latter definition corresponds to the conventional, traditional meaning ...
Solution clearly explains the important computer network perimeter security related devices, their usage.