Bristol Systems Inc. - Reliable Network Provider

Networking Products

Cisco Systems | Foundry Networks | Juniper Networks | Hewlett-Packard | Watchguard Technologies

Routers and Firewalls

[Product images: Cisco 7400 Router, Watchguard Firebox Firewall]

Cisco Systems is by far the market leader in routers.  Cisco competes at the high end with Foundry and Juniper.  Since a router has to examine every packet to decide where to send it next, it is common for routers to include basic firewall capabilities that decide whether to forward the packet at all.  Conversely, since a firewall makes its decisions by examining a large stream of packets, it is easy for it to include basic routing capabilities.  Thus at the low to mid range of the router/firewall market, one product can usually be purchased economically to perform both functions reasonably well.
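The combined "route it or drop it" decision described above, as an added example that is not part of the original page and not code from any vendor listed here: a longest-prefix-match routing table plus a top-down, first-match access list with an implicit deny, which is the classic router-ACL semantics. The routing table, ACL rules and addresses are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed routing table: (prefix, next hop). The most specific prefix wins.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "isp-uplink"),
    (ipaddress.ip_network("10.0.0.0/8"), "core"),
    (ipaddress.ip_network("10.1.0.0/16"), "branch-a"),
    (ipaddress.ip_network("192.168.50.0/24"), "dmz"),
]


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None      # None means any destination port


# Constructed ACL: evaluated top-down, first match wins, implicit deny at the end.
ACL = [
    Rule("deny", ipaddress.ip_network("10.0.0.0/8"),
         ipaddress.ip_network("0.0.0.0/0"), 23),          # no telnet leaving the LAN
    Rule("permit", ipaddress.ip_network("10.0.0.0/8"),
         ipaddress.ip_network("0.0.0.0/0")),              # everything else from inside
    Rule("permit", ipaddress.ip_network("0.0.0.0/0"),
         ipaddress.ip_network("192.168.50.0/24"), 443),   # outside may reach DMZ on 443
]


def lookup_route(dst: ipaddress.IPv4Address) -> Optional[str]:
    """Longest-prefix match: the most specific matching route decides the next hop."""
    best = None
    for net, hop in ROUTES:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def acl_decision(src, dst, dport: int) -> str:
    """First matching rule decides; nothing matching means deny."""
    for r in ACL:
        if src in r.src and dst in r.dst and (r.dport is None or r.dport == dport):
            return r.action
    return "deny"


def forward(src_s: str, dst_s: str, dport: int) -> str:
    """Filter first, then route: the packet is only looked up if the ACL permits it."""
    src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
    if acl_decision(src, dst, dport) == "deny":
        return "dropped"
    return f"forward via {lookup_route(dst)}"


if __name__ == "__main__":
    for pkt in [("10.1.2.3", "10.1.9.9", 80), ("10.2.2.2", "8.8.8.8", 23),
                ("203.0.113.5", "192.168.50.10", 443), ("203.0.113.5", "192.168.50.10", 22)]:
        print(pkt, "->", forward(*pkt))
```

Because the ACL is consulted before the route lookup, a packet that fails the filter never costs a forwarding decision, which is the efficiency argument the paragraph makes for folding filtering into the router.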

Intrusion Detection

If you can detect an intrusion, you can detect it at the firewall.  Thus most intrusion detection functionality should be in the firewall.  That said, there is a place for a device that sits inside the firewall and detects various types of activity.  Such a device can also detect and log internal activity that might be suspicious, and it can serve as the base for internal probing of various servers.  The most popular open source network intrusion detection system is Snort.  On a given host, one can also look for changes in system files that should not be changing.  Tripwire is one of the earliest such systems, and it is still maintained today.  Most intrusion detection systems combine ideas found in Snort and in Tripwire.  Our recommended high-end intrusion detection system is StillSecure's Border Guard, which can be deployed in various configurations either as an intrusion detection system or as an extension of your firewall, acting as an intrusion prevention system.
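The two ideas the paragraph names, as an added example that is not part of the original page and not code from Snort, Tripwire or StillSecure: a Snort-style signature pass over traffic records, and a Tripwire-style baseline of file hashes compared against a later snapshot. The signatures, the packet records and the files in the temporary directory are all constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# --- Network side (the Snort idea): match traffic against signatures.
# Constructed signatures: (name, destination port, payload pattern or None for any payload).
SIGNATURES = [
    ("web-shell-probe", 80, re.compile(rb"\.php\?cmd=")),
    ("sql-in-url", 80, re.compile(rb"(?i)union\s+select")),
    ("telnet-attempt", 23, None),
]


def match_signatures(packets):
    """packets: iterable of (src_ip, dst_port, payload_bytes). Returns (signature, src) alerts."""
    alerts = []
    for src, dport, payload in packets:
        for name, port, pattern in SIGNATURES:
            if dport == port and (pattern is None or pattern.search(payload)):
                alerts.append((name, src))
    return alerts


# --- Host side (the Tripwire idea): hash a baseline, then report what changed.
def snapshot(paths):
    """Map each path to the SHA-256 of its contents; missing files are skipped."""
    out = {}
    for p in paths:
        if os.path.exists(p):
            with open(p, "rb") as f:
                out[p] = hashlib.sha256(f.read()).hexdigest()
    return out


def compare(baseline, current):
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo_host_check():
    """Constructed scenario: baseline two files, then alter one and remove nothing."""
    d = tempfile.mkdtemp()
    a, b = os.path.join(d, "passwd"), os.path.join(d, "sshd_config")
    for p, data in ((a, b"root:x:0:0:root:/root:/bin/sh\n"), (b, b"PermitRootLogin no\n")):
        with open(p, "wb") as f:
            f.write(data)
    baseline = snapshot([a, b])
    with open(b, "wb") as f:          # the change a Tripwire-style check should catch
        f.write(b"PermitRootLogin yes\n")
    report = compare(baseline, snapshot([a, b]))
    return [os.path.basename(p) for p in report["changed"]]


# Constructed traffic records: (src_ip, dst_port, payload)
SAMPLE_PACKETS = [
    ("203.0.113.7", 80, b"GET /index.html HTTP/1.1"),
    ("203.0.113.7", 80, b"GET /x.php?cmd=id HTTP/1.1"),
    ("198.51.100.2", 23, b""),
    ("198.51.100.2", 443, b"UNION SELECT"),   # port 443, so the port-80 signature does not fire
]

if __name__ == "__main__":
    print("network alerts:", match_signatures(SAMPLE_PACKETS))
    print("changed files:", demo_host_check())
```

The host-side baseline should be stored somewhere the monitored host cannot rewrite it; otherwise an intruder who alters a file can refresh the baseline to match.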


Vulnerability Detection

Everyone has heard of hiring hackers to test the security of a business.  One can automate this by building a vulnerability detection system.  These are often based on some sort of automated port scanning tool, such as Nmap.  The most famous vulnerability detection tool is probably Nessus, which can be loaded with a library of scanning scripts to test for different types of vulnerabilities.  StillSecure's Vulnerability Assessment Module (VAM) has a rich library of scanning scripts and also embeds project management functionality to help you track progress on repairing the vulnerabilities you find with it.  We recommend VAM highly.  StillSecure has a related product, Safe Access, which tests workstations for security policy compliance.  Workstations not in compliance can be quarantined until they update their software, virus protection, etc. and come into compliance.


Switches and Hubs

[Product image: HP Managed Switch]

Switches and hubs, however, are different beasts.  Their job is to move packets efficiently between many different machines on a local area network.  Managed switches can perform a type of firewall service, namely separating the LAN into separate managed virtual LANs.  This is a big jump in functionality and a big improvement in performance over hubs, which simply repeat a packet from one part of the LAN to all other parts of the LAN.  It used to be that switches cost much more than hubs; however, today the cost of a good managed switch is so low that it is almost always worth the money to use a switch where a hub might have been used before.
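The hub-versus-managed-switch contrast above, as an added example that is not part of the original page and not code from HP or any other vendor: a hub repeats every frame to every other port, while the switch learns which MAC address sits behind which port, forwards known destinations to a single port, and floods unknown or broadcast destinations only to ports in the same VLAN. Port numbers, VLAN ids and MAC labels are constructed for illustration.

```python
from collections import defaultdict


class Hub:
    """A hub repeats every frame out of every other port: every host sees all traffic."""

    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, src_mac, dst_mac):
        return sorted(self.ports - {in_port})


class ManagedSwitch:
    """Learns source MACs per VLAN and never lets a frame cross a VLAN boundary."""

    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)          # {port: vlan_id}, the switch's configuration
        self.table = defaultdict(dict)            # vlan_id -> {mac: port}, learned at runtime

    def forward(self, in_port, src_mac, dst_mac):
        vlan = self.port_vlan[in_port]
        self.table[vlan][src_mac] = in_port       # learn where the sender lives
        out = self.table[vlan].get(dst_mac)
        if dst_mac != self.BROADCAST and out is not None and out != in_port:
            return [out]                          # known unicast: exactly one port
        # Unknown destination or broadcast: flood, but only within this VLAN.
        return sorted(p for p, v in self.port_vlan.items() if v == vlan and p != in_port)


def demo():
    """Constructed scenario: ports 1-2 are VLAN 10, ports 3-4 are VLAN 20."""
    sw = ManagedSwitch({1: 10, 2: 10, 3: 20, 4: 20})
    trace = [
        sw.forward(1, "A", "B"),    # B unknown: flood VLAN 10 only -> [2]
        sw.forward(2, "B", "A"),    # A learned on port 1 -> [1]
        sw.forward(3, "C", "A"),    # A is not in VLAN 20's table: flood VLAN 20 -> [4]
        sw.forward(1, "A", ManagedSwitch.BROADCAST),  # broadcast stays in VLAN 10 -> [2]
    ]
    return trace


if __name__ == "__main__":
    print("hub:", Hub([1, 2, 3, 4]).forward(1, "A", "B"))
    print("switch:", demo())
```

Note that a host in VLAN 20 never receives a frame addressed to a host in VLAN 10, even as a flood; traffic between VLANs only flows through a router or layer-3 switch, which is where the filtering described under Routers and Firewalls applies.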

Please email bristolsystems.com, username solutions, for network design and consulting.



Hosted by Bristol Systems Inc.
Copyright (c) 2008, 2009, 2010 Bristol Systems Inc.