Home page logo
/

basics logo Security Basics mailing list archives

RE: Novice asks "OpenBSD best firewall?"
From: "DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>
Date: Thu, 17 Jun 2004 06:56:50 -0700

"Best" sort of verges on the topic of religion but, yes, OpenBSD and PF
(the OpenBSD packet filter) would be an excellent choice."

PF is an excellent firewall choice and easier to configure than most command
line based firewalls.  Easier to configure usually means reduction in
mistakes and therefore more secure than most.  Plus, the functionality of
the firewall makes it indeed powerful.  Although PF is an excellent
firewall, nothing is perfect and do not expect absolute security from just
the firewall.  Remember the key to information security is about defense in
depth or layered security with continuous fine comb tuning and monitoring.

PF is a great first step to defense and depth and I have used PF in the
past.  I recently decided to use IPFW2 at home to test it out.  Fwbuilder is
an excellent open source tool that allows you to configure your pf firewall
with objects and through a GUI which in turn further decreases the chances
of errors in firewall configuration.

http://sourceforge.net/projects/fwbuilder/

Here is the guide to pf and it is very straight forward.  The firewall
configuration example is great after some tweaking to accommodate your
network.  If you are not familiar with pf and/or firewall configuration, I
would start with the example and improve your skills and configuration from
there.

http://www.openbsd.org/faq/pf/index.html


Regards,

Greg DeGennaro Jr., CISSP, CCNP
Systems Engineer

"Network Security is Y2K without the deadline" - Network Security Secrets
and Solutions 1999



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault