Home page logo

basics logo Security Basics mailing list archives

Re: suggestions on a good firewall
From: salgak () speakeasy net
Date: Tue, 20 May 2003 16:40:24 +0000

-----Original Message-----
From: Mark Ng [mailto:laptopalias1-mark () informationintelligence net]
Sent: Tuesday, May 20, 2003 04:11 PM
To: security-basics () securityfocus com
Subject: RE: suggestions on a good firewall

Moderator:  Please feel free to completely disregard this mail if you think
I am being too harsh.  Thanks.

It's useful when expressing opinions to justify them.

Each solution generally has it's own merits and disadvantages.  Childish
behaviour such as "get a real" "x is better than x"(without any
justification) is just a waste of everyones time.  There are people on this
list who are genuinely trying to learn about security - these people need
justifications, not religious fervour or fanboyism.


A Windows box, properly locked down, can be a reliable firewall.  Locking it down can be a chore, a much easier chore 
with Win2003 server, but still takes some expertise and finesse.  I prefer hardware firewalls with a firmware basis, as 
they're harder to exploit, but many brands have reliability issues.  I'm currently running Checkpoint and Gauntlet on 
Solaris, but this is a production environment I've inherited.

For a good, relatively inexpensive firewall, I'd recommend the Linux-Mandrake firewall solution, running on commodity 
Intel hardware.  Simple to set up, fairly easy to run, easy to maintain.

The REAL question to ask when picking a firewall is really two questions:

1. What sort of threats am I defending against ?

2. What can my sysadmin handle ?  A Junior MCSE handed a Slackware IPChains box is not going to be terribly effective, 
as an example. ..

Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes:  Security +, Check Point,
Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
--UP TO 30% off classes in select cities--

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]