Firewall Wizards mailing list archives
Re: Firewall: dedicated equipament x Unix workstation
From: Matthew Patton <patton () sysnet net>
Date: Sun, 11 Oct 1998 21:38:48 -0400
I don't have much to add to the experts' commentary, but an appliance often does not provide you, the customer, with any access to full source or the precise details of what is going on inside, whereas a unix distro with source, say OpenBSD, does. As a matter of convenience and as a marketing differentiator, many include management programs like built-in web servers or Java clients, which introduce their own potential issues. I guess it boils down to how much in-house knowledge do you have and how trustworthy is your vendor. I personally prefer the crystal box approach.

My firewall requires precisely one 1.44MB floppy (actually less) to operate. Local disk is optional and is used strictly for logging with flags SAPPND and securelevel=2. It's built entirely on freeware and trash (486/66 EISA computer with lots of NICs) the IT department deemed useless. It doesn't even tickle the CPU with 10Mbit ethernet, let alone a T1. As currently configured there are no user-level endpoint services on it, though putting bind on would be quite easy. Remote mgmt is via SSH on the internal interface only or optional serial line.

It won't stop anything a packet sniffer can't (e.g. protocol attacks) but it does a fine job nonetheless and costs thousands less than any Cisco router or PIX or Checkpoint's favorite solution.

--------
The spark of the revolutionary war, the battle of Lexington and Concord, was prompted by the ruling government's attempts to confiscate the "assault weapons" of the day held by local militias.