- This topic has 5 replies, 5 voices, and was last updated 10 years, 1 month ago by .
- You must be logged in to reply to this topic.
Greetings,
For those of you that design networks or suggest designs do you still feel that layer firewalls (from different vendors) is still a valuable part of defensive in depth? From your experience, do companies tend to use this in the SMB enterprises?
Just want to get someone else’s perspective. I am submitting a proposal for our new network design on Wednesday and the other guy and I have some very, very different opinions.
Thanks,
I work for a medium sized business and we use several firewalls both on the edge and to segment internal networks.
Personally, as long as you are using a “good” firewall (easy to administer, secure, works for you), then I would not go with a different vendor if the same group will be administering a lot of other equipment as well. I do not think the overhead is worthwhile, and particularly not so if you use firewall management software from the same vendors (logging, configuration management, etc.).
It’s not just the firewall that you would use to segment things.
Personally, I’d firewall the network connection to the internet and DMZ. Internally, I’d use vlans and access lists to limit exposure.
Oh we will be using vlans in our new design. I personally feel like since I am the one who will be handling the firewall admin work, I should stick with one vendor and expertly configure it and use a solid IDS implementation to pick up the slack.
I think I might post my idea for the new network design later.
Rather than an IDS, would you not perhaps consider a IPS or IDPS?
You may already have that in mind, but you know those acroynms, often confusion can creep in.
Sometimes the kind of thing that can cause a configuration issue by misunderstanding or lack of procedures (or lack of following of procedure)
– EH-Net Live! Thurs Oct 29 @ 1:00 PM US ET. Details Coming Soon!
– EH-Net Live! Sept – Video & Deck Available Now! for “Android Hacking Proving Ground!” w/ Kyle Benac from Sept 24.
– EH-Net Live! Aug – Video & Deck Available Now! for “TryHackMe – Behind the Curtain” w/ Ben Spring and Ashu Savani from Aug 27.
– EH-Net Live! June – Video & Deck Available Now! for “CISO Underrepresented” w/ Mark Arnold and Steph Ihezukwu from June 30.
– EH-Net Live! May – Video & Deck Available Now! for “Bad As You Want To Be – Adversary Emulation Basics” w/ Jake Williams from May 28.
See all EH-Net Live! Videos
More on the EH-Net YouTube Channel
There are no upcoming events at this time.
Copyright ©2021 Caendra, Inc.