General discussion

Locked

Do I need a firewall in this environment

By sekarsc ·
1. My environment is as below:

a. Dedicated LAN at my place in India is connected by a dedicated frame relay link to my principal installation in US.
b. I have no Internet or dial-up/dial-in lines in my place.
c. I have a WIN-NT PDC + BDC that supports common services such as Exchange. This mail system is connected by SMTP to the mail mail server at US by frame relay link.
d. All other servers are in US only.

2. I have a complete system of firewall and Intrusion detection and all systems at the US end.

3. I had proposed that we will have a Checkpoint firewall on my end (i.e India-end). I am told that this is not required as the environment is dedicated and there can be access from no other ways (as there is dedicated frame relay PVC, VPN/3DES encryption and there are firewall and IDS are in the US End). It was pointed out to me that I can have a network IDS if I consider so.

What is the correct stand and why it is so?

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Do I need a firewall in this environment

by Joseph Moore In reply to Do I need a firewall in t ...

My answer is going to be based off of opinion mostly.
I would say yes, you should have a firewall there. And the reason why is simply a matter of paranoid.
Sure, the US office has a firewall. Is is managed daily? Are the access logs checked and archived and studies? Are there alerts set up on the firewall when "interesting" events happen? Or is the firewall sitting in the server room, collecting dust, with everyone trusting in it to stop everything?
I am a believer that you need to examine your devices, that just having faith that they will work without fail is a false assumption.
So, the paranoid side of me says that you should have your own firewall IN CASE the US security is breached. Because if it were, then what will YOU do?
If the security of your network in India is your concern, then you should not entirely trust someone else.
Because if there is a break in at the US site, and whomever does this gets into YOUR network, then it will be YOUR fault.
So, an extra layer of security is not gonna hurt any.
In my office, we have firewalls on the Internet access points, internal firewalls setting up DMZs, firewalls at the ends of remote offices (all part of our WAN), as well as a firewall between a sister company and mine, and the sister company is IN THE SAME BUILDING ON THE SAME FLOOR! They have their own firewalls, and WE DON'T TRUST THEM EITHER!

So, IMHO, yes, you need your own firewall.

hope this helps

Collapse -

Do I need a firewall in this environment

by sekarsc In reply to Do I need a firewall in t ...

Poster rated this answer

Collapse -

Do I need a firewall in this environment

by TheChas In reply to Do I need a firewall in t ...

Do you have any internet access through the dedicated line?

If yes, then you need a firewall.

Can the dedicated line be accessed remotely?
That is is there a way to gain access to the network from a mobile location?

If yes, then you need afirewall.

Does the dedicated line use existing infrastructure for connecting between the 2 countries? Or do you actually have a true seperate piece of copper/fiber that runs between locations?

While the chances for intrusion are small with a dedicated line, it is still possible for a hacker to access your line if it runs through the standard telecom backbone.

Chas

Collapse -

Do I need a firewall in this environment

by sekarsc In reply to Do I need a firewall in t ...

Poster rated this answer

Collapse -

Do I need a firewall in this environment

by TimTheToolMan In reply to Do I need a firewall in t ...

Hi,

So if I understand you correctly, you have no links to the outside world in India and all the links on the US side of the dedicated link are protected by firewalls?

Why would you need another firewall on the dedicated link? Most people dont partition their networks with firewalls...

If you were ever going to consider opening up your end to the internet, then yes you need one - but at the point of entry...

It all depends on your level of paranoia of course...

Cheers,
Tim.

Collapse -

Do I need a firewall in this environment

by sekarsc In reply to Do I need a firewall in t ...

Poster rated this answer

Collapse -

Do I need a firewall in this environment

by Shanghai Sam In reply to Do I need a firewall in t ...

How sensitive is the data that is kept in India? Does it need to be protected from the US environment? (i.e., R&D or HR or Accounting are sometimes firewalled internally.) If it is not particularly sensitive then I wouldn't go through the extra expense. Your routers will probably provide filtering capabilities and won't cost anything extra. While not as secure as a firewall , ACL's can provide an extra level of defense for the paranoid. Also there are some good IDS and firewalls that are free in the open source community.

Collapse -

Do I need a firewall in this environment

by sekarsc In reply to Do I need a firewall in t ...

Thanks a lot for the details and the perspectives. This gives me a clear way of understanding why I should set this up or otherwise

Collapse -

Do I need a firewall in this environment

by sekarsc In reply to Do I need a firewall in t ...

This question was closed by the author

Back to Security Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums