Security Basics mailing list archives
RE: Firewall Switch
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Thu, 20 Nov 2003 15:28:35 -0800
There are already some *NIX distros that try and provide this
type of functionality out of the box.
http://www.wiresoft.net/products_firegate_server.html <- Costs $$$
http://www.ipcop.org
http://www.smoothwall.org/
Of course, custom firewalls of any nature are harder to maintain
than a retail product. You can have inter-site VPNs via SSH
http://www.tldp.org/HOWTO/ppp-ssh/. You will 'most likely' have to build
your firewall script by hand, either iptables/ipchains script, or a
shell script. It's viable if you have a dedicated security person. You
will need someone to manage the boxes, update them and keep them locked
down, etc. There is much more maintenance with these servers than say a
PIX or FW-1.
Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
(800) 325-1199 x338
-----Original Message-----
From: Zill, Greg [mailto:Greg.Zill () owh com]
Sent: Wednesday, November 19, 2003 10:16 AM
To: security-basics () securityfocus com
Subject: Firewall Switch
Is it reasonable to switch from licensed proprietary firewall to Open
Source firewall? With budget restraints what they are these days, I
figure I can step up and offer to convert the impending expiration of
current hardware/license. The proprietary firewalls currently in place
number 7 and protect key internet points at 6 geo-locations. Current
support licensing is past $10k per. The firewall technology itself
purports application layer, although much of the newly needed http/xml
stuff is not yet implemented.
Would I be able to provide the same level of protection and prove same
to managers? Would I really save dough? Also site-to-site vpn is in the
mix betwixt all sites...any thought appreciated.
