
Thread: Network Security Appliance

  1. #1
    Member
    Join Date
    Jul 2003
    Location
    Ex-Londoner, Now Tropical Islander
    Posts
    103
    Thanks
    0
    Thanked
    0 times in 0 posts

    Network Security Appliance

    Hi there!

    I'm wondering whether there is anyone working in a corporation or big company who would know what kind of security appliance is used (brand, models, etc.) to filter web content, block IM/P2P, firewalling and proxying in order to easily enforce enterprise policies?

    In fact, I'm a bit fed up of having different systems to cater for all these.

    Any input is more than welcome

    Cheers

  2. #2
    Administrator Moby-Dick
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,665
    Thanks
    53
    Thanked
    385 times in 314 posts
    I don't think a really large corp would put all their eggs in one basket, so to speak (we certainly don't).

    You could cover most of those bases with ISA (with something like SurfControl for content filtering).

    P2P/IM-wise you have to consider network design as well. Ensure that machines don't have a direct route to the web unless they go through your proxy, which gives you a greater level of control.

    There's also the non-technological route to this, i.e. a well-written AUP for your IT systems can often be more effective at limiting non-work use than any number of content filters.
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  3. #3
    Member
    Thanks for your input Moby-Dick

    Well, I already have a firewall (Linux based) on which I have content filtering, a proxy for web surfing (Linux), an antivirus for scanning everything that is downloaded.

    However, all these systems have become rather unmanageable. Moreover, I would need to generate some kind of reports etc. for audit purposes. Well, I can definitely do that with all the info I gather from the logs. However, in practice that's not easily done.

    My users are more or less sticking to the internal IT policies of the organisation I work for. This is not a real issue.

    However, having one appliance for centrally managing everything which is related to web surfing etc. is better than having different sub-systems to cater for each component.

    Some network security appliances I've seen on the market are, for example, St Bernard iPrism, Barracuda's set of appliances, etc. They look pretty good and I was wondering whether this is the type of appliance being used by large organisations today as they pretend.

    Cheers

  4. #4
    Administrator Moby-Dick
    Most of those appliances seem to be based on a Linux kernel, so I'm sure you can roll your own.
    For reporting, try running reports to a central SQL database - should be easier to compile them from there.

    How many users are you looking at supporting?

  5. #5
    Member
    Well, not many, there are in total around 400 workstations...

    Thanks for the ideas

    Cheers

  6. #6
    Administrator Moby-Dick
    The only appliance I've used was a WatchGuard Firebox as a firewall - I have to say it was a good bit of kit - I think you can add a few plugins to it for content etc.

  7. #7
    Gentoo Ricer
    Join Date
    Jan 2005
    Location
    Galway
    Posts
    11,048
    Thanks
    1,016
    Thanked
    944 times in 704 posts
    pfSense will do what you're looking for, i.e. routing, firewall, proxying, web configuration (including extra package installation), usage/alerts/SNMP/fancy web graphs etc.
    Quote: Originally Posted by Agent
    ...every time Creative bring out a new card range their advertising makes it sound like they have discovered a way to insert a thousand Chuck Norris super dwarfs in your ears...

  8. #8
    Member
    Hi aidanjt,

    Do you use pfSense? Is it any good? Looks like an ongoing project to me. Would it be better than a firewall like Smoothwall on which more security related plugins can be added?

    Thanks for pointing me to pfSense, it looks good.

  9. #9
    Administrator Moby-Dick
    If pfSense is m0n0wall-based, as I think it is, then I'd imagine it'll be a cracking project.

  10. #10
    Gentoo Ricer
    I used it for a few hours to fiddle around and gain an impression of it, it's pretty good, but ultimately I wanted something a lot more on the fly tweakable and configurable that you don't get with pre-rolled firewall appliances.

    @Moby-Dick: yes, it was forked off m0n0wall, they updated the FreeBSD base, added package support and did a bunch of other nice tweaks. So it's a good bit more 'bleeding edge'.

  11. #11
    Administrator Moby-Dick
    The only thing you'd have to consider with deploying something like that into a commercial operation is the level of support available for it.

    Given that the device you are after represents quite a significant single point of failure, have you considered the impact of it going wrong? What if you aren't around to fix it? Are there any vendor / 3rd party support options available?

  12. #12
    Seething Cauldron of Hatred TheAnimus
    Join Date
    Aug 2005
    Posts
    17,168
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts
    pfSense is stonkly good I've found.

    I've not used many of the features it provides over m0n0wall really, but it's great to see the performance wasn't affected.

    I'm running it on a VIA 5000, so it's hardly beefy.

    But Moby's right on the commercial support side.
    throw new ArgumentException (String, String, Exception)

  13. #13
    Gentoo Ricer
    Since when was commercial support actually in any way useful in reality anyway?

  14. #14
    Seething Cauldron of Hatred TheAnimus
    #1. It really does get the problem fixed quickly if the firm's good.
    #2. It covers your ass (we had an agreement with this reputable firm).

  15. #15
    Administrator Moby-Dick
    Quote: Originally Posted by aidanjt
    Since when was commercial support actually in any way useful in reality anyway?
    You tell that to the legal department.

    If the failure of the system can prevent the company from operating then you can bet they'll want safeguards in place to ensure that the vendor is responsible in the event of conventional support failing.

    This is why we have a very hard time trying to get approval to run little 3rd party apps in our production systems.

  16. #16
    Gentoo Ricer
    Meh, silly legal department, always wanting to pass the buck off. Anyway, I did say in reality, legal people are in a world of their own.
    Last edited by aidanjt; 22-04-2007 at 04:09 PM.
