|
System Integration
System integration depends on integrating the firewall into your existing network infrastructure. Choosing between the single-vendor and the best-of-breed approach is a tough one because there are advantages to both. Single-vendor systems are central-site routers and SOHO firewalls from the same vendor that let you take advantage of proprietary features and provide a common management system. The best-of-breed solution lets you tailor your firewall strategy to suit your specific needs. However, this approach may be harder to integrate and doesn't provide common management.
 Vendors such as Ascend Communications and 3Com Corp. offer complete lines of security products that connect the
SOHO to the central site. Leveraging a common security strategy, these products are combined in building-block fashion to fit specific needs in terms of WAN access and security needs. Lower-end firewalls with modem or BRI interfaces connect to high-end central site routers offering multiple PRI interfaces.
Single-vendor solutions provide advanced features, such as encryption and virtual private networking. Encrypting data across the LAN or WAN typically requires a single-vendor solution on both ends of the link because no standards exist for negotiating the algorithms. The higher-priced (more than $3,000) SOHO firewall devices already offer data encryption between the firewalls, and with the vendor's proprietary client, data encryption for the remote user as well.
From an administrative view, single-vendor solutions offer common centralized management consoles for tying together your firewall solutions and integrating them into the larger enterprise network. Various aspects of the firewall's security
can be managed alongside tasks such as access control lists and routing and filtering configurations. Firewall configurations in single-vendor solutions can be centrally managed by copying configuration files to multiple firewalls with minimal customization. Multiple systems remotely managed through a single console give you direct control over your firewalls regardless of their location on the network.
Best-of-breed solutions let you tailor your remote network security needs without relying on a single vendor. The advantage here lies with the ability to get the appropriate features into the SOHO for more competitive pricing. For example, sites with direct T1/PRI connections may need data encryption or VPN to the central site. These features require more sophisticated management and reporting functionality and generally cost more to implement. Smaller SOHOs may require packet filtering on modem links or ISDN BRI; the management requirements here are fewer and the devices will cost less as a result. While c
ommon product lines provide similar options, you may realize significant cost breaks of up to $500 per unit with best-of-breed solutions.
The downside to best-of-breed solutions include multiple management interfaces and the firewalls' differing abilities that will complicate your efforts at setting up a secure environment. Learning multiple management consoles, the inability to copy multiple configurations from sites and the loss of proprietary features may outweigh the advantages to best of breed.
On the bright side, common management platforms are available for centralized management in a multi-vendor environment, such as Check Point Software's Open Platform for Secure Enterprise Connectivity (OPSEC) initiative. Security on routers and firewalls from numerous vendors are managed through the common management application. However, you must license the management product and ensure that your firewalls are supported. And technical support may be complicated.
The key point with best-of-breed solution
s is to know what you're securing. Be sure administrators thoroughly understand security issues and products and examine the advantages of a multivendor environment compared to the risk (cost) of a compromised system.
Mike Fratto can be reached at mfratto@nwc.com.
|
REPORTS
ANALYTICS
Follow 
