Home page logo
/

basics logo Security Basics mailing list archives

RE: suggestions on a good firewall
From: "Mike Heitz" <mikeheitz () upshotmail com>
Date: Wed, 21 May 2003 11:03:03 -0500

Excellent point on what can the sysadmin handle...

Being a Windows admin, any Linux or Solaris firewall I were to put in
place could probably be hacked in a matter of minutes. However, I can
make a very solid Win2K box. The opposite would be true for the serious
Linux and Unix folks on the list.

mike heitz ** sr it manager ** UPSHOT
312-943-0900 x5190

-----Original Message-----
From: salgak () speakeasy net [mailto:salgak () speakeasy net] 
Sent: Tuesday, May 20, 2003 11:40 AM
To: Mark Ng; security-basics () securityfocus com
Subject: Re: suggestions on a good firewall

-----Original Message-----
From: Mark Ng [mailto:laptopalias1-mark () informationintelligence net]
Sent: Tuesday, May 20, 2003 04:11 PM
To: security-basics () securityfocus com
Subject: RE: suggestions on a good firewall

Moderator:  Please feel free to completely disregard this mail if you
think
I am being too harsh.  Thanks.

It's useful when expressing opinions to justify them.

Each solution generally has it's own merits and disadvantages.
Childish
behaviour such as "get a real" "x is better than x"(without any
justification) is just a waste of everyones time.  There are people on
this
list who are genuinely trying to learn about security - these people
need
justifications, not religious fervour or fanboyism.

Agreed.

A Windows box, properly locked down, can be a reliable firewall.
Locking it down can be a chore, a much easier chore with Win2003 server,
but still takes some expertise and finesse.  I prefer hardware firewalls
with a firmware basis, as they're harder to exploit, but many brands
have reliability issues.  I'm currently running Checkpoint and Gauntlet
on Solaris, but this is a production environment I've inherited.

For a good, relatively inexpensive firewall, I'd recommend the
Linux-Mandrake firewall solution, running on commodity Intel hardware.
Simple to set up, fairly easy to run, easy to maintain.  

The REAL question to ask when picking a firewall is really two
questions:

1. What sort of threats am I defending against ?

2. What can my sysadmin handle ?  A Junior MCSE handed a Slackware
IPChains box is not going to be terribly effective, as an example. .. 



------------------------------------------------------------------------
---
Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes:  Security +, Check
Point, 
Hacking & Assessment, Cisco Security, Wireless Security & more! Register
Now!
--UP TO 30% off classes in select cities-- 
http://www.securityfocus.com/Vigilar-security-basics
------------------------------------------------------------------------
----



---------------------------------------------------------------------------
Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes:  Security +, Check Point,
Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
--UP TO 30% off classes in select cities--
http://www.securityfocus.com/Vigilar-security-basics
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]