Security Basics mailing list archives
RE: firewalls
From: "Tim Clewlow" <tim () clewlow org>
Date: Wed, 14 Jan 2009 17:57:09 +1100 (EST)
I use FreeBSD with pf. Rock solid security. Cannot be cracked by any means, many have tried, my logs are full of failed attempts by slack script kiddies, zombie armies, and a couple of more capable attempts. I have also tried monowall, smoothwall, ipcop, but honestly I never feel as secure with those, I'm sure they are good enough, but I like to be certain. And rolling my own setup with a minimal install of a BSD and then edit my own pf.conf means I **know** it is secure. Also, rolling your own means you can build auto IDS mechanisms to honeypot the little bastards for a while before terminating the connection - and then automagically add them to a blacklist for kicks. Lastly rolling your own means you can setup proper bandwidth shaping by mixing and matching protocols, ips and priorities - so you can configure the QOS of these things to match up with your particular company's intranet layout. The distro firewalls are never going to be up to the same high standard, they are like winblows products, a bare minumum firewall setup that will suffice for many common basic network layouts. But if you really want to create a high end firewall, I believe you can only do that by building it yourself. my 2c, tim.
I haven't used it for a while, but try IPCOP - http://www.ipcop.org/ Wilson -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Damian Sent: Sunday, 11 January 2009 11:54 AM To: Sec-Basics Subject: firewalls So I need some advice on firewall security. I use ubuntu servers at work and am very comfortable with debian. At work we have a cisco piz firewall....however another smaller company we help doesn't have the budget or staff for a pix firewall. I was considering using a distro like redwall or smoothwall and was wondering if anyone had any experience with dedicated distros like these. Also do these distros offer better security then larger installations? Message protected by MailControl: e-mail anti-virus, anti-spam and content filtering. http://www.mailcontrol.com
-- The code that never executes at all is the fastest.
Current thread:
- firewalls Damian (Jan 12)
- RE: firewalls Emilio Morla (Jan 12)
- Re: firewalls xgermx (Jan 12)
- Re: firewalls H. Kurth Bemis (Jan 12)
- Re: firewalls Rick Rune (Jan 12)
- Re: firewalls Benjamin Langtry (Jan 13)
- Re: firewalls pUm (Jan 13)
- <Possible follow-ups>
- Re: firewalls stcroix111 (Jan 12)
- Re: firewalls Morgan Reed (Jan 13)
- RE: firewalls Wilson (Jan 13)
- RE: firewalls Tim Clewlow (Jan 14)
- Fw: firewalls john . b . williams (Jan 14)