Couple of questions about security appliances
I'm restructuring the network security of my company, and at least we have to buy a firewall and possibly another machine for IDS (maybe I can reuse an old IBM machine). Speaking with the coordinator of my area, he suggested that perhaps buying a security appliance was a better idea. His idea was to replace a switch with the security appliance but:
Do they provide switching capabilities?
Are they really worth it? Because I'm not sure that having all security defenses within the same device is appropriate (single point of failure).
Comments
-
SecurityThroughObscurity Member Posts: 212 ■■■□□□□□□□
You can purchase a firewall with IPS functionality and put it on the edge of your network.
What kind of switching capabilities do you need?
-
Master Of Puppets Member Posts: 1,210
Snort for the IDS? You save money and get a high quality product.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
-
SephStorm Member Posts: 1,731 ■■■■■■■□□□
Hmm, how large is the organization? If you really want to pay attention to security, you are looking at numerous devices spread throughout the network and around-the-clock monitoring. If you do want to use an old system, you really have to consider your requirements. You will want to maintain logs and histories; that's going to take some HDD space. Enough processing power to monitor the network without introducing latency. You'll also want to introduce anti-spam capabilities.
I'd advise you to talk to several vendors who specialize in security device deployments. Better to have integrated devices where you can easily manage them and their upkeep rather than individual systems under the control of different departments and having to maintain them over the years.
-
yzT Member Posts: 365 ■■■□□□□□□□
My company (blue) is the back-end of a large network (gov-level). Beyond the External switch everything is a black box for us. We do not manage this switch either.
My coordinator says to replace the Internal switch with a security appliance; that's why I asked whether or not they have switching capabilities. My idea was to put a firewall between Internal and External, and then a machine with Snort connected to Internal using a SPAN port.
Also, he just told me that the connection between Internal and External is made by three wires, one for each VLAN. Does it make sense? Can a firewall handle these three connections?
-
jibbajabba Member Posts: 4,317 ■■■■■■■■□□
I think Sonicwalls can do that. You say wires - VXLANs?
My own knowledge base made public: http://open902.com
-
NovaHax Member Posts: 502 ■■■■□□□□□□
Yeah... generally when I think of "security appliances", I think either in-line or SPAN/TAP devices. There are obviously some switches that have more secure implementations and features, but I wouldn't really consider them "security appliances". There may be some switches that internally do traffic monitoring (none that I know of), but it seems to me that it would be more cost-efficient and more extensible to do a traditional SPAN solution.
Did you happen to ask the coordinator what types of devices he/she was referring to? Maybe they have something specific in mind... or maybe they don't have a clue what they are talking about. But probably the best way to find that out is to ask the source.
-
yzT Member Posts: 365 ■■■□□□□□□□
"or maybe they don't have a clue what they are talking about"
He just heard the buzzword "security appliance" and now he does want one.