Couple of questions about security appliances

yzTyzT Member Posts: 365 ■■■□□□□□□□
I'm restructuring the network security of my company, and at least we have to buy a firewall and possibly another machine for IDS (maybe I can reuse an old IBM machine). Speaking with the coordinator of my area, he suggested that perhaps buying a security appliance was a better idea. His idea was to replace a switch with the security appliance but:

Do they provide switching capabilities?

Do they really worth? Because I'm not sure that having all security defenses within the same device is appropriated (single point of failure).

Comments

  • You can purchase a firewall with ips functionality and put on the edge of your network.
    What kind of switching capabilities do you need?
  • Master Of PuppetsMaster Of Puppets Member Posts: 1,210
    Snort for the IDS? You save money and get a high quality product.
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • SephStormSephStorm Member Posts: 1,732
    Hmm, how large is the organization? If you really want to pay attention to security, you are looking at numerous devices spread throughout the network and around the clock monitoring. If you do want to use an old system you really have to consider your requirements, you will want to maintain logs and histories, that's going to take some HDD space. Enough processing power to monitor the network without introducing latency. You'll also want to introduce anti-spam capabilities.

    I'd advise you talk to several vendors who specialize in security device deployments. better to have intergrated devices where you can easily manage them and their upkeep rather than individual systems under the control of different departments and having to maintain them over the years.
  • yzTyzT Member Posts: 365 ■■■□□□□□□□


    My company (blue) is the back-end of a large network (gov-level). Beyond the External switch everything is a black box for us. We do not manage this switch either.

    My coordinator says to replace Internal switch for a security appliance, that's why I asked whether or not they have switching capabilities. My idea was to put a firewall between Internal and External, and then a machine with Snort connected to Internal using a SPAN port.

    Also, he just told me that the connection between Internal and External is made by three wires, one for each VLAN. Does it make sense? Can a firewall handle these three connections?
  • jibbajabbajibbajabba Member Posts: 4,317 ■■■■■■■■□□
    I think Sonicwalls can do that. You say wires - VXLANs ?
    My own knowledge base made public: http://open902.com :p
  • KrekenKreken Member Posts: 284
    Take a look at Juniper SRX series.
  • try pfSense, it's free and powerful.
  • NovaHaxNovaHax Member Posts: 502 ■■■■□□□□□□
    Yeah...generally when I think of "security appliances", I think either in-line or SPAN/TAP devices. There are obviously some switches that have more secure implementations and features, but I wouldn't really consider them "security appliances". There may be some switches that internally do traffic monitoring (none that I know of), but it seems to me that it would be more cost-efficient and more extensible to do a traditional SPAN solution.

    Did you happen to ask the coordinator what types of devices he/she was referring to? Maybe they have something specific in mind...or maybe they don't have a clue what they are talking about. But probably the best way to find that out is to ask the source.
  • yzTyzT Member Posts: 365 ■■■□□□□□□□
    NovaHax wrote: »
    or maybe they don't have a clue what they are talking about
    that is ;)

    He just heard the buzzword "security appliance" and now he does want one :D
Sign In or Register to comment.