
Re: [FW-1] VPN vs Firewall - Your Thoughts



I play the game a little on the paranoid side, but if it was my network I would have the inbound encrypted traffic pass through a filtering router (ACLs), then a stateful filtering firewall (such as Check Point).  These steps will help ensure that only specific sites are able to establish VPN connections using specific protocols.  Then the VPN box will verify to the extent that it can that this is a valid connection using established protocols and procedures.  Then, the UNencrypted traffic would go back through the firewall (on a different interface if the resources and money are available) to be verified for type of traffic, content, etc.
 
The more layers of protection you have, the more difficult it is for someone to bypass your security and do whatever....
 
Some questions you will have to ask yourself -- How much risk is associated with that site's traffic?  Is the site a trusted site?  Are there vendors or third parties who routinely use that site to gain access to the "network"?  For what purpose do they need to traverse your network? etc., etc., etc.  This will tell you how much money and time you should be willing to spend to secure this "stuff" (that is, above and beyond what you may be able to convince management to give up).  There are other options, like policy-based routing and such, which can help secure the network without using the firewall, but in my opinion they should be used in conjunction, not instead of....
----- Original Message -----
Sent: Tuesday, May 07, 2002 1:53 PM
Subject: [FW-1] VPN vs Firewall - Your Thoughts

Hey All

I am having some mixed thoughts on the difference between a VPN and a Firewall.
A VPN allows for encrypted traffic to and from 2 or more points. A Firewall protects networks by allowing or denying packets.

If I have a CISCO to CISCO VPN that does NOT go through a Firewall before entering the internal network, am I secure?
Some will argue that VPN devices such as CISCO can act as firewalls by adding ACLs. My stance is that anything entering into the internal network should go through my CHECKPOINT Firewalls.

Looking for your professional thoughts and opinions.

J. Barber  - ccse,scsa
Information Technology

When I see the sea once more,
would the sea have seen or not seen me?
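
The layered path described in the reply above (outer filter on the encrypted traffic, then a second firewall pass on the decrypted traffic), as an added example that is not part of either post. All addresses, ports and rules are constructed assumptions using documentation ranges.

```python
import ipaddress

# Constructed policy values; nothing here comes from the thread.
VPN_GATEWAY = ipaddress.ip_address("198.51.100.1")
ALLOWED_PEERS = {ipaddress.ip_address("192.0.2.10")}
# IPsec as seen from outside: IKE (UDP/500), ESP (IP proto 50), AH (IP proto 51)
IPSEC_OUTER = {("udp", 500), ("esp", None), ("ah", None)}
# What a tunnel user may reach once decrypted: (destination net, proto, port)
INNER_RULES = [
    (ipaddress.ip_network("10.1.20.0/24"), "tcp", 443),
    (ipaddress.ip_network("10.1.20.0/24"), "tcp", 22),
]

def outer_filter(src, dst, proto, port=None):
    """Router ACL / firewall stage: known peer, VPN gateway, IPsec only."""
    if ipaddress.ip_address(src) not in ALLOWED_PEERS:
        return "drop: unknown peer"
    if ipaddress.ip_address(dst) != VPN_GATEWAY:
        return "drop: not addressed to VPN gateway"
    if (proto, port) not in IPSEC_OUTER:
        return "drop: not an IPsec protocol"
    return "permit"

def inner_filter(dst, proto, port):
    """Firewall stage applied to decrypted traffic leaving the VPN box."""
    addr = ipaddress.ip_address(dst)
    for net, rule_proto, rule_port in INNER_RULES:
        if addr in net and proto == rule_proto and port == rule_port:
            return "permit"
    return "drop: inner traffic not allowed"

def evaluate(outer, inner):
    """Run one flow through both stages; the inner check only runs if
    the outer stage permitted the encrypted packet."""
    verdict = outer_filter(*outer)
    return verdict if verdict != "permit" else inner_filter(*inner)

# Constructed flows: (encrypted outer packet, decrypted inner packet)
FLOWS = {
    "partner to web app": (("192.0.2.10", "198.51.100.1", "esp"), ("10.1.20.5", "tcp", 443)),
    "partner to file share": (("192.0.2.10", "198.51.100.1", "esp"), ("10.1.30.9", "tcp", 445)),
    "unknown site": (("203.0.113.77", "198.51.100.1", "esp"), ("10.1.20.5", "tcp", 443)),
    "non-IPsec from peer": (("192.0.2.10", "198.51.100.1", "tcp", 23), ("10.1.20.5", "tcp", 23)),
}

if __name__ == "__main__":
    for name, (outer, inner) in FLOWS.items():
        print(f"{name:22} -> {evaluate(outer, inner)}")
```

The "partner to file share" flow is the case the original question turns on: the tunnel is valid and passes the outer filter, so only the second pass over the decrypted traffic stops it.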

   All contents © 2004 Network Presence, LLC. All rights reserved.