Firewall Wizards mailing list archives
Re: why isn't there a newer linux fw-howto
From: "Kevin T. Shivers" <kshivers () tis com>
Date: Tue, 06 Oct 1998 11:41:22 -0400
--->> From Alfred Huger Much like Perry, I am somewhat partisan in this issue. This being said, I feel this whole thing is somewhat a moot point. Any OS you deploy as a firewall needs to be locked down, significantly. I feel it comes down to with what you're more comfortable deploying. If you're more familiar with Linux, use it. The same is true for OpenBSD etc. At the end of the day you still need to maintain this box and ensure it meets your needs. Use the right tool for the right job I suppose. Alfred Huger Network Associates Inc. --->> At 07:06 AM 10/6/98 -0400, Adam Shostack wrote:
Its gotta be a system you know well. If you know Linux back and forth, then by all means, don't pick up *BSD because someone tells you its a good firewall box. Its nothing without knowlegeable people to tweak it.
I have to agree with what both of you have said. The person who sent out this thread did not know much about any of the free UNIXes, so I offered the suggestion that they may want to look at a BSD based system, which is what I personally prefer. This is only my .02$, I want to let them decide. I think Alfred is 100% right when he says you need to pick the right tool for the job. For me that's a BSD system, and for others its Linux. These systems are not that secure stock, but I personally feel that the current BSD out-of-box installs are much more secure than current RedHat installs. Now, I'm not saying that Linux can't be secure, but I feel that any BSD out-of-box install gives you a better starting point. Any decent firewall box will not remain stock for very long, so the point is kind of mute. I suggest that people play with both OS types and then decide for themselves. FYI, an excellent source on securing Linux systems is at: http://www.nmrc.org/nmrcOS/ . the NMRC is working on making an secure install of Linux for free distribution. The basic things that they do to their kernels are things that people who want to make Linux firewalls may want to do. kts
Current thread:
- RE: why isn't there a newer linux fw-howto Paul D. Robertson (Oct 01)
- <Possible follow-ups>
- RE: why isn't there a newer linux fw-howto Kevin T. Shivers (Oct 01)
- Re: why isn't there a newer linux fw-howto Darren Reed (Oct 02)
- Re: why isn't there a newer linux fw-howto Kevin T. Shivers (Oct 02)
- Re: why isn't there a newer linux fw-howto Matt Curtin (Oct 05)
- Re: why isn't there a newer linux fw-howto Adam Shostack (Oct 05)
- Re: why isn't there a newer linux fw-howto Perry E. Metzger (Oct 05)
- Re: why isn't there a newer linux fw-howto Jan B. Koum (Oct 06)
- Re: why isn't there a newer linux fw-howto Adam Shostack (Oct 06)
- Re: why isn't there a newer linux fw-howto Kevin T. Shivers (Oct 06)
- Re: why isn't there a newer linux fw-howto Darren Reed (Oct 02)
- Re: why isn't there a newer linux fw-howto Perry E. Metzger (Oct 05)