Security Basics mailing list archives
RE: Firewall Switch
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Thu, 20 Nov 2003 15:28:35 -0800
There are already some *NIX distros that try and provide this type of functionality out of the box.

http://www.wiresoft.net/products_firegate_server.html <- Costs $$$
http://www.ipcop.org
http://www.smoothwall.org/

Of course, custom firewalls of any nature are harder to maintain than a retail product. You can have inter-site VPNs via SSH (http://www.tldp.org/HOWTO/ppp-ssh/). You will 'most likely' have to build your firewall script by hand, either an iptables/ipchains script or a shell script.

It's viable if you have a dedicated security person. You will need someone to manage the boxes, update them and keep them locked down, etc. There is much more maintenance with these servers than, say, a PIX or FW-1.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
(800) 325-1199 x338

-----Original Message-----
From: Zill, Greg [mailto:Greg.Zill () owh com]
Sent: Wednesday, November 19, 2003 10:16 AM
To: security-basics () securityfocus com
Subject: Firewall Switch

Is it reasonable to switch from a licensed proprietary firewall to an Open Source firewall? With budget restraints what they are these days, I figure I can step up and offer to convert the impending expiration of current hardware/license. The proprietary firewalls currently in place number 7 and protect key internet points at 6 geo-locations. Current support licensing is past $10k per. The firewall technology itself purports application layer, although much of the newly needed http/xml stuff is not yet implemented.

Would I be able to provide the same level of protection and prove same to managers? Would I really save dough? Also, site-to-site VPN is in the mix betwixt all sites... any thought appreciated.