Security Basics mailing list archives
Re[2]: suggestions on a good firewall
From: Malte von dem Hagen <DocValde () gmx de>
Date: Wed, 21 May 2003 17:52:43 +0200
Hallo Jeff, am Dienstag, 20. Mai 2003 um 18:35:30 schrieben Sie:
ok I'll bite Why is Linux or the others in this thread a bad idea as a firewall. I see you would recommend a hardware firewall. does this mean like a linksys or netgear or raptor or one of those type of LINUX based firewall systems. I have deployed Linux,Cisco, and raptors based firewall and the difference I have see is support and cost. Linux being the less cost and Cisco being the most. if it was my network and I was making the security policy I would chose Linux or raptor Cisco is just too much money for a personal or small company network.
First of all, a firewall is a concept and not a machine, so one has to chose a concept for it. You cannot compare a Cisco Router with Firewall Feature Set to a Raptor. If one needs a packet filter-like firewall component, i would always recommend OpenBSD - not Linux, not Cisco or anything else. Why? Because OpenBSD is one of the most secure Operating Systems, and that's one of the most important points when chossing a firewall component. You need a secure and stable platform. The BSD Unices (all of them) are such a platform - more secure and more stable than Linux, even than Cisco IOS. Everyone with rudimental knowledge in Unix-based systems can set up and maintain such a system, when he or she is willing to read and learn a bit. It is not as difficult as it may seem... Only exception: A medium to large network with single-vendor-Cisco-strategy. In that scenario, it may be useful to choose a PIX, for management reasons. Disclaimer: I don't want to start the old "BSD vs. Linux" war. Who wants to use Linux may use it. I like BSD a lot more, regarding security, performance and stability in not-desktop-systems. [TOFU removed] Just my 3.141 -cents, Malte -- Malte von dem Hagen DocValde () gmx de http://www.docvalde.net/ --------------------------------------------------------------------------- Thinking About Security Training? You Can't Afford Not To! Vigilar's industry leading curriculum includes: Security +, Check Point, Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now! --UP TO 30% off classes in select cities-- http://www.securityfocus.com/Vigilar-security-basics ----------------------------------------------------------------------------
Current thread:
- Re: suggestions on a good firewall, (continued)
- Re: suggestions on a good firewall Steffen Mueller (May 15)
- RE: suggestions on a good firewall Robert Gibons (May 16)
- RE: suggestions on a good firewall Michael J. Panchula (May 16)
- RE: suggestions on a good firewall Mike Moore (May 16)
- RE: suggestions on a good firewall Dan DeVoe (May 17)
- RE: suggestions on a good firewall Tom Sevy (May 17)
- RE: suggestions on a good firewall kerberus (May 19)
- Re: suggestions on a good firewall Ing Bernardo Lopez (May 20)
- RE: suggestions on a good firewall Mark Ng (May 20)
- Re: suggestions on a good firewall Jeff (May 21)
- Re[2]: suggestions on a good firewall Malte von dem Hagen (May 21)
- Re: Re[2]: suggestions on a good firewall Jeff (May 22)
- Re[4]: suggestions on a good firewall Malte von dem Hagen (May 23)
- RE: suggestions on a good firewall kerberus (May 19)
- RE: suggestions on a good firewall dschaible (May 23)
- Re: suggestions on a good firewall Jeff (May 23)
- RE: suggestions on a good firewall Jason Dixon (May 26)
- RE: suggestions on a good firewall Mark (fat) (May 21)
- RE: suggestions on a good firewall Daniel B. Cid (May 22)
- RE: suggestions on a good firewall silvia ghezzi (May 22)
- RE: suggestions on a good firewall lassal (May 23)
- Re: suggestions on a good firewall Andreas Happe (May 22)