The purpose of this form is to aid the potential buyer in collecting the necessary information to help in specifying a firewall. It asks for information about your business environment, information systems, Internet connection, what you think you'd like in a firewall, and other considerations. This guide requests information in generic terms. Buyers should complete the information to the best of their ability, ignoring sections that do not apply. If you come across sections that you haven't thought about, good! The investigative work that you put into this process up front will ultimately result in fewer headaches after your purchase and a firewall solution that better fits your company's real needs.
When you've done your homework, you can then present this information to the commercial firewall vendors in whose products you are interested. This will help them provide you with better solutions and you will have eliminated a lot of guesswork.
Read and understand Part I of the Third Annual Firewall Buyer's Guide. You might also want to read How to Pick an Internet Firewall, by Marcus Ranum. It has some good tips on dealing with vendors and other issues.
Complete this assessment form.
Review product information to narrow the field to a group of products in which you're interested. Product Functional Descriptions (PFDs) of ICSA consortium member products are included in Part II of the Third Annual Firewall Buyer's Guide.
Get the contact information of all the vendors in which you're interested.
Send/fax the vendors this form and tell them what you're looking for.
Based on their feedback, make further comparisons.
Finalize your decision.
Name__________________________________________________________
Title___________________________________________________________
Company_______________________________________________________
Address________________________________________________________
City _____________________________State______Zip ________________
Phone#________________________________Fax#____________________
E-mail address __________________________________________________
Other contact info: _______________________________________________
Business Environment
Because of differences in firewall products, it is essential to establish both the present and the projected scope of your network. This must be established early in the specification process.
Existing Environment
What is the physical/geographic scope of your organization?
Number of physical building sites___________
Location(s) of site(s)____________________________________________
Internal Operational Issues
Business units that have special information access restriction needs (list)
Business units that have special information access availability needs (list)
Geographically separated business units that have special data sharing/interoperability needs (list name and geographic locations)
External Operational Issues
External VAN requirements (e.g., ANX) (describe)
Business partner interoperability requirements (list and describe)
__________________________________________________________
__________________________________________________________
Public Operational Issues (Services offered to the public) (list and describe)
__________________________________________________________
__________________________________________________________
Remote access requirements (list and describe)
__________________________________________________________
__________________________________________________________
Internet commerce/transaction service plans (list and describe)
__________________________________________________________
__________________________________________________________
Planned Environment
List and describe all foreseen changes to each item in Section A.
Information Systems Environment
For reasons of interoperability, a description of the computing environment into which the firewall will be deployed is helpful. Details of this section should be limited to technologies that are currently deployed. Items in this domain (II) may overlap with items in III.
Existing Environment
End-User Workstations
Operating system(s) used _________________________________________
Hardware types ________________________________________________
Deployed software______________________________________________
Number of total workstations _____________________________________
Network
Media _______________________________________________________
Devices ______________________________________________________
Protocols (include addressing)_____________________________________
Topology Diagram (map your network architecture on a separate paper, and attach as an exhibit). Be sure to include both LAN/campus and WAN/site mapping.
Remote Access Facilities
What equipment do you employ? ___________________________________
What authentication methods are in place?___________________________
Servers
Number of servers______________________________________________
Operating systems______________________________________________
Hardware types _______________________________________________
Deployed software______________________________________________
Existing Maintenance/Support Arrangements with Vendors and Consultants (describe limits of coverage)
___________________________________________________________
___________________________________________________________
___________________________________________________________
___________________________________________________________
Antivirus/Malware Control Technologies (list programs and where they reside)
__________________________________________________________
__________________________________________________________
__________________________________________________________
Network/System Management Technologies (list and describe)
__________________________________________________________
__________________________________________________________
Authentication Technologies (list and describe)
__________________________________________________________
__________________________________________________________
__________________________________________________________
Planned Environment
In this section, please note any planned changes to Section II A that modify the above.
__________________________________________________________
__________________________________________________________
__________________________________________________________
__________________________________________________________
Internet Connectivity
If Internet access is currently in place, details of connectivity, services, and existing custom development will be of great assistance in determining compatibility and customization requirements associated with the new product.
Existing Environment
Type of Internet connection (ISDN, T1, T3, etc.)______________________
Existing firewall (if any, list product name, version number, and vendor)
__________________________________________________________
__________________________________________________________
Means of connection used by internal systems (list and describe)
__________________________________________________________
Externally accessible servers/services (list and describe)____________________
___________________________________________________________
___________________________________________________________
Electronic commerce/transaction servers (list and describe)_________________
___________________________________________________________
Internet Security/Access Policy (see Chapter 4)
Do you have a written corporate Internet access policy? ___________________
Has it been reviewed and adopted by management?_______________________
Planned Environment
List items that differ from Section III A (existing environment), particularly changes to the Internet Security/Access Policy.
___________________________________________________________
___________________________________________________________
___________________________________________________________
Protocols to Be Supported
The six protocols listed are the ones required for ICSA certification. This is not meant to be a complete list nor does the list imply that these are the only protocols you will/won't need. Users must research their existing and planned applications and fill out the table accordingly.
Some sources of other protocols include the /etc/services file (UNIX) and ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers.
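Protocol | Services for internal users | Services for public | Services for remote users, special conditions
Telnet | ______________ | ______________ | ______________
FTP | ______________ | ______________ | ______________
HTTP | ______________ | ______________ | ______________
SSL or SHTTP | ______________ | ______________ | ______________
SMTP | ______________ | ______________ | ______________
DNS | ______________ | ______________ | ______________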
Firewall Features
Will you need the following features? (Check all that apply and describe where appropriate.)
Access Control
Time Based
Address Based
Authenticated
Alerts/Alarms
Visual
Audible
Paging/Phone
SNMP
Syslog
Authentication
Token
One-time
Password
Configuration Management
Profile-Based Configuration Management
Ability to Manage Multiple Configurations
Verification of Configuration Consistency
Content Control
Active Content Management
Java
ActiveX
Virus/Malware Control
Onboard
Outboard
Third Party
WWW Access Control
URL Filtering/Blocking
Access Logging
Log Management (define any reporting requirements and any existing reporting/event analysis products you are currently using)
Log Summary
Intrusion Detection
Network Options
Interfaces
Maximum Number _______
Interoperability of Different Media Types (list)
Granularity of Rulebase by Interface
Media
Ethernet 10BaseT 100BaseT
Gigabit
Fiber Optic
FDDI
Token Ring
NAT (Network Address Translation)
Remote Administration
Console Only
HTTP/Browser Based
Remote GUI
Single Console/Multiple Firewalls
SNMP
System Attributes
Turnkey
Ability to Incorporate Third-Party Servers/Products on Platform
VPN
Compliant with:
IPSEC
S/WAN
SKIP
Others
Firewall to Firewall
Firewall to Client (internal and external)
Key Management/Exchange
Other Considerations
My price range for a firewall is $________________-$ _________________
I expect/need to have a firewall purchased, up, and running by (date) ___/___/___
I need to have a firewall that is ICSA certified. ________________________
Other testing/certification/reviews required (list):_______________________
Deployment of the firewall will come under the job function of (title)
__________________________________________________________
Maintenance of the firewall will come under the job function of (title)
__________________________________________________________
I need the following features in a service contract:
__________________________________________________________
__________________________________________________________
__________________________________________________________
__________________________________________________________
__________________________________________________________
Any other special requirements not covered in this form:
__________________________________________________________
__________________________________________________________
__________________________________________________________
__________________________________________________________
__________________________________________________________