[183173] in North American Network Operators' Group
Re: A multi-tenant firewall for an MSSP
daemon@ATHENA.MIT.EDU (alvin nanog)
Mon Aug 17 03:27:53 2015
X-Original-To: nanog@nanog.org
Date: Mon, 17 Aug 2015 00:27:28 -0700
From: alvin nanog <nanogml@Mail.DDoS-Mitigator.net>
To: nanog@nanog.org
In-Reply-To: <6E922826-DB47-4735-8099-D6D3037EA469@gt86car.org.uk>
Errors-To: nanog-bounces@nanog.org
hi

> On Mon, Aug 17, 2015 at 10:16 AM, Ramy Hashish <ramy.ihashish@gmail.com>
> wrote:
>
> We are planning to implement a multi-tenant FW/UTM and start providing
> security as a service, I would like to hear if anybody had experience on

that'd be a good thing ... but ...

> this, and if there are any recommendations for the UTM's vendor.

the possible vendors would depend on the answers to your idea of
what is a "well rounded solution"
# fortinet's (possible) competitors
http://ddos-Mitigator.net/Competitors

> People/customers here are more familiar with the Fortigate, however, we
> need to build a well-rounded solution that suits a wide range of enterprises'
> business needs.

# i doubt there is one product that provides the "well rounded solution"
in my world, "well rounded solution" would imply at least the following:
- anti virus solution ( one or more products to resolve the virus issue )
- anti spam solution ( one or more products to resolve the spam issue )
- iptables with tarpit ( protect against the free tcp-based script kiddies tests )
- udp limiting at isp ( part of iptables or your edge routers )
- icmp limiting at isp ( part of iptables or your edge routers )
- ingress/egress filters for your downlinks
- geographically distributed colo to mitigate small/medium sized ddos attacks
- regulatory compliance this and certified that vs "just anybody" ...
- good response time to fix problems reported by competent customer's IT folks
- other things you deem important to provide ..
pixie dust
alvin
#
# ddos-Mitigator.net
# ddos-Simulator.net