elfick at mac.com
Mon Jul 10 17:44:41 EDT 2006
I just received an "audit" report that I'm supposed to discuss at a
meeting tomorrow. Part of that report covers my firewall. The current
firewall is OpenBSD 3.5 (yes, a bit out of date). My question regards
the wording of the report. It talks about "generations" of firewalls
(first gen, second gen...) I've never heard of the term generations
used to discuss firewalls. Has anyone heard of this term used with
While the auditor might have been general competent, and certainly
was more knowledgeable about Windows than I am, I don't feel that he
is really up on security. He recommends replacing my box with a
Sonicwall unit, which, if I understand correctly, is just a dedicated
Linux box. I don't see how that gains me much more than a pretty
interface. His company is most likely a Sonicwall reseller, but I
don't think he is even aware what the Sonicwall runs under the covers.
Pertinent text follows verbatim:
"Your current Firewall is a PC running a version of OpenBSD (Unix).
This solution is a Firewall but it has only the most basic Firewall
capabilities of NAT and port blocking. This type of Firewall was
current technology found several years ago in first generation
Firewalls. Current Firewall technology is its Fourth generation and
includes such features as Antivirus, Anti-Spyware, Content Filtering,
and Intrusion Prevention. The idea is that the more stuff you block
at the perimeter the better your whole network will perform. The
Sonicwall solution we are proposing also has the ability to do both
software and hardware VPN if at a future date you wish to implement
secure Internet connections from remote sites."
Any input is appreciated (preferably constructive) particularly from
any of the security experts out there.
More information about the TriLUG