Domain: cyberguard.com
Stories and comments across the archive that link to cyberguard.com.
Comments · 12
-
HTTPS tracking
>>Notably, I've observed these guys tracking HTTPS URLs, and of course you can't track those through a proxy.
Um, yes, you can. It is possible with todays hardware.
Here are a few;
http://www.esafe.com/eSafe/traffic_solutions.asp
Another;
http://www.scmagazine.com/us/products/productdetai ls/94de9e89-b7a1-6d6f-9479-84b866a2ffab/webwasher- 1000-csm-appliance/
http://www.cyberguard.com/products/webwasher/webwa sher_products/csm_appliance/index.html?lang=de_EN
"WW1000 has the ability to scan encrypted SSL"
The days of HTTPS being valuable are long gone. We can look inside this traffic realtime. I monitor & block traffic to HTTPS sites myself.. -
Snapgear
You need to tell us more about your requirements. That said, if you want a basic firewall, consider Cyberguard's SG family of firewalls, which are essentially little Linux appliances with an easy-to-use web interface. They're far less expensive than $13K.
-
Re:Built in
You're asking, "Why don't more people use the HOSTS file for something it was never intended for"? HOSTS is an old, OLD file used in the win95 (and earlier as LMHOSTS) networking. It's a way to find devices on the network without NetBEUI or Active Directory or DNS. It's meant to hold 10 entries or so. Not thousands. It Severely slows down the millions of W2k boxes out there? (read near bottom) Why not use the free WebWasher to block ALL ads, not just the ones on your list? Why not use Firefox to prevent all the nasties from being installed?
-
Re:HAHAHA
What is a 6MB T1?? I have a T1 here at the office, and it's 1.5MB, and we pay around $400. Now, if I had 4 of them, that would be 6MB worth of T1. Or we could go T3, and get it tuned down to 6MB, but that would cost more than 4 T1's...
So, what's a 6MB T1? 4 bonded T's?
We also have this nifty little snapgear router, that also accepts a second connection, that I have a 6MB comcast link plugged into. The T1 is the default route for the mail servers, comcast is for the users... It's obviously not bonded, but it fails over to the other should one go down... and with my secondary MX and DNS pointed to the semi-permenant comcast IP, I've got some cheap ass redundancy....
For those wondering, it's a snapgear 575.
http://www.cyberguard.com/products/firewall/SG_Fam ily/SG575.html?lang=de_EN -
Netscreen and Snapgear...
One solution that I've used that works well is to setup a netscreen box at the main office, and then use a snapgear at the remote sites. Both the netscreen and the snapgear run Linux underneath, so technically they are both as capable, but the netscreen tends to be versital (and slightly more complex to set up) then the snapgear. Making it the more logical choice for the main office.
I haven't tried this, but Linksys does make a VPN router or you could build your own using a Soekris Net4511 and M0n0wall. M0n0wall is a FreeBSD based VPN configured via the web with an interface that is very similiar to a SnapGear. (The netscreen is also setup via the web, but significantly different then the other two) If you used one, you'll feel right at home with the other (I have no idea if this is intentional or not. And the screens are not layed out the same, they just are catagorized the same, with a similiar layout)
Anyway, all the above solutions will let you set up a VPN, either with IPSEC (complete with your choice of SHA, DES, 3DES etc encryption), or the older, less secure Microsoft Point-to-Point tunneling protocal (which I can't think of the proper name of right off hand, heck maybe P2PTP was it), and once set up they run pretty much error and maintence free (Except maybe the linksys, I've used the others though, and they all work as advertised.) -
Re:it's easy...
Try these. Embedded linux VPN. Works like a charm and usually only a couple hundred bucks. Depending on how big the site is, you can get a beefier one. Plus, you would have available support.
-
Re:Hardware firewalls: almost never the best
Not to be too obvious a plug, but CyberGuard makes a dandy little soho firewall - the SG300 that has stateful packet inspection, a basic IDS (pretty much portscan) and everything else you asked for, for only $250 - well under a grand. Not as cheap as a $50 linksys box, but it uses less power and is way quieter than the $40 133 MHz machine.
-
Re:Hardware firewalls: almost never the best
Not to be too obvious a plug, but CyberGuard makes a dandy little soho firewall - the SG300 that has stateful packet inspection, a basic IDS (pretty much portscan) and everything else you asked for, for only $250 - well under a grand. Not as cheap as a $50 linksys box, but it uses less power and is way quieter than the $40 133 MHz machine.
-
Re:Excellent
Dont' think so mainstream. Think exotic:
- VIA C3 (C5P core). Has double-RNG and AES hardware integrated. Perfect for VPN and WLAN.
- At 1.2GHz it is not very fast (due to architecture) but consumes very (!) low energy and is coolable passive. Perfect for a home-server, that is 24/7 and in your living-room
- is SMP capable
a 3x PCI 0x AGP SMP ATX board would make the perfect Home-Server. It would offer possibility for a WLAN card, a 4ch S-ATA RAID controller and a 2nd NIC, maybe with embedded firewall.
While one CPU is serving the net and procmailing, the other one could compress some tarbz2 for the backup.
Well, I am aware, this is a server and not firewall/router, but why not combine it, especially since the firewall is a spearate system here. So yes, OpenBSD should really have SMP. Too bad VIA does not plan the C5P as So370 version and matching mobo, but in future such things might come. Why not ?
-
Appliances!
More like TiVo. Appliances are where (embedded) linux really shines. Look at the Linksys WPC11/WAP11, CyberGuard, and some appliances that do things on a scale not even attempted in the Windoze world, such as InterIM from Deviant Technologies, and you'll see prime examples of why Linux and other open source technologies are kicking the shiny metal ass of proprietary products.
Walmart can sell Lindows PC's, and sure, they're interesting, but let's hope that's not what people think of then they think "Linux products". The thing is, despite the candy interface, when you do run into a problem the learning curve is too long.
I've used a Linux desktop exclusively for over a year now, and I'm happy with it, but when I tried to get my wife (a former IT guru) to adopt it it was a total flop. Admittedly, Debian is not your best intro to desktop Linux ;-) but there are so many variables involved in making a PC a Linux "product" (OS, office productivity suite, printing, sound, network browsing, etc) that it's probably the worst test imaginable.
Appliances, competing in well-defined niches, are a natural for Linux and they tend to beat their closed-source competitors. THAT'S what I call a "Linux product".
-hp3 -
Re:SCO
If you are anyone that you know runs SCO, find out why, and have the software that runs on SCO ported to Linux.
It's not always that easy. Just to pick one example: if you use a CyberGuard firewall, you are using a SCO OS. Porting just isn't an option. -
Cyberguard firewall