[147287] in North American Network Operators' Group
Re: Internet Edge and Defense in Depth
daemon@ATHENA.MIT.EDU (JAMES MCMURRY)
Tue Dec 6 16:34:53 2011
From: JAMES MCMURRY <jim@miltonsecurity.com>
In-Reply-To: <4EDE8852.30506@gmail.com>
Date: Tue, 6 Dec 2011 13:32:04 -0800
To: nanog@nanog.org
I have seen at quite a few of our customers' locations, starting out with a lofty goal of putting everything in a single box (UTM) and turning every single option on.
In ~ 30% of the firms who do so it works out ok (not great, but it works). In the majority, the customer winds up turning features off one by one, and moving those to another system.
Jim
On Dec 6, 2011, at 1:25 PM, -Hammer- wrote:
> I personally have not seen it done in large environments. Hardware isn't there yet. I've seen it done in small business environments. Not a fan of the idea.
>
> -Hammer-
>
> "I was a normal American nerd"
> -Jack Herer
>
> On 12/06/2011 03:16 PM, Holmes,David A wrote:
>> Some firewall vendors are proposing to collapse all Internet edge functions into a single device (border router, firewall, IPS, caching engine, proxy, etc.). A general Internet edge design principle has been the "defense in depth" concept. Is anyone collapsing all Internet edge functions into one device?
>>
>> Regards,
>>
>> David