Feedback re Internet Security Solution Proposal

[TigerDivision]

Hi all!

I thought of posting this here in the hope of getting some feedback. Here goes. Lately we've been discussing our requirements for an Internet Security Solution for our company with a third party supplier. Below is their proposal:

Option1: Firewall and Intrusion Prevention System - Cisco 1800 Series Router
Option2: Firewall - Linux Redhat

Web Filter - Squid
Spam Filter - Qmail with SpamAssasin
Anti-Virus - Fprot/Clamscan

What I noted was that in order to keep their costs down they included Open Source software. I am not against Open Source being used but I am somewhat wary of using such Open Source software for our security needs. How robust a solution would it be if we were to go for Open Source? How easy would it be to manage it as well as maintain it?
With regards to Intrusion Prevention, how well does the Cisco 1800 Router handle this? Does RedHat Linux have an Intrusion Prevention System built in?

Obviously the directors saw the low costs and are in favour of accepting this proposal. But we as the IT Department are not fully in favour. We are more in favour of implementing more robust products such as Proventia ISS firewalls, SurfControl, etc. Furthermore these guys who are recommending such a proposal are not very experienced with regards to security which in our opinion is very important.

Your comments to the above would be much appreciated.

Thanks!

 

[tfg13]

I have a feeling that you are uncomfortable with Open Source solutions because you are generally more of a point and shoot kind of office (Microsoft products).

Low cost/Open source does not necessarily equate to an unprotected system. Large businesses use open source products as the protection scheme for their networks, in a lot of cases due to cost. The only difference is, it takes some getting used to the products (lots of reading up on forums and such).

I've used squid before, and it is a pretty good product. Configuring is a pain, as it's all command line and no point and click, but you do get used to it.

Intrusion Prevention is available from most of the Linux products. One thing about them is they are configured for no access at first, and you have to open them up as needed. Cisco products are also pretty good. Just one more OS (IOS) will need to be learned....

 

[TigerDivision]

Hi tfg13

Thanks for your feedback. What I'm mainly worried about is having our network attacked/compromised due to a lack of good knowledge of these open source apps and not being robust enough. Do you use open source for your security needs?

Thanks

 

[lgarner]

I'd go with a Cisco firewall first, but if you're putting in a server anyway for the proxy, etc., then that can make a fine fiewall also. I've done it, and it works just great. Depending on your internet connection type, you might still need a router of some type unless you purchase a serial adapter for the server.

A server will fail more often than a router. It will need more updates, reboots, etc. I'd put in two servers for hot failover. Since there's no software or OS cost, it won't cost much to implement. I'd make the same suggestion for the hardware device, anyway, though the failures will be less frequent.

 

[tfg13]

I personally have never implemented this situation myself, just worked on it.....

 

[hercj]

I have personally set this up at my company. We have had hacking attempts from just about every country. None of them has ever succeeded. If you go with Linux I'd suggest setting up webmin and allowing only internal access to it.