Home page logo
/

basics logo Security Basics mailing list archives

Re[2]: suggestions on a good firewall
From: Malte von dem Hagen <DocValde () gmx de>
Date: Wed, 21 May 2003 17:52:43 +0200

Hallo Jeff,
am Dienstag, 20. Mai 2003 um 18:35:30 schrieben Sie:

ok I'll bite
Why is Linux or the others in this thread a bad idea as a firewall. I see
you would recommend a hardware firewall. does this mean like a linksys or
netgear or raptor or one of those type of LINUX based firewall systems.
I have deployed Linux,Cisco, and raptors based firewall and the difference I
have see is support and cost.
Linux being the less cost and Cisco being the most.
if it was my network and I was making the security policy I would chose
Linux or raptor Cisco is just too much money for a personal or small company
network.

First of all, a firewall is a concept and not a machine, so one has to
chose a concept for it. You cannot compare a Cisco Router with Firewall
Feature Set to a Raptor. If one needs a packet filter-like firewall
component, i would always recommend OpenBSD - not Linux, not Cisco or
anything else.
Why? Because OpenBSD is one of the most secure Operating Systems, and
that's one of the most important points when chossing a firewall
component. You need a secure and stable platform. The BSD Unices (all of
them) are such a platform - more secure and more stable than Linux, even
than Cisco IOS.
Everyone with rudimental knowledge in Unix-based systems can set up and
maintain such a system, when he or she is willing to read and learn a
bit. It is not as difficult as it may seem...

Only exception: A medium to large network with single-vendor-Cisco-strategy.
In that scenario, it may be useful to choose a PIX, for management
reasons.

Disclaimer: I don't want to start the old "BSD vs. Linux" war. Who wants
to use Linux may use it. I like BSD a lot more, regarding security,
performance and stability in not-desktop-systems.

[TOFU removed]

Just my 3.141 €-cents,

Malte

-- 
Malte von dem Hagen

DocValde () gmx de
http://www.docvalde.net/


---------------------------------------------------------------------------
Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes:  Security +, Check Point, 
Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
--UP TO 30% off classes in select cities-- 
http://www.securityfocus.com/Vigilar-security-basics
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault