Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Security Basics: RE: firewalls

RE: firewalls

From: Tim Clewlow <tim_at_clewlow.org>
Date: Wed, 14 Jan 2009 17:57:09 +1100 (EST)

I use FreeBSD with pf. Rock solid security. Cannot be cracked by any
means, many have tried, my logs are full of failed attempts by slack
script kiddies, zombie armies, and a couple of more capable
attempts. I have also tried monowall, smoothwall, ipcop, but
honestly I never feel as secure with those, I'm sure they are good
enough, but I like to be certain. And rolling my own setup with a
minimal install of a BSD and then edit my own pf.conf means I
**know** it is secure. Also, rolling your own means you can build
auto IDS mechanisms to honeypot the little bastards for a while
before terminating the connection - and then automagically add them
to a blacklist for kicks. Lastly rolling your own means you can
setup proper bandwidth shaping by mixing and matching protocols, ips
and priorities - so you can configure the QOS of these things to
match up with your particular company's intranet layout. The distro
firewalls are never going to be up to the same high standard, they
are like winblows products, a bare minumum firewall setup that will
suffice for many common basic network layouts. But if you really
want to create a high end firewall, I believe you can only do that
by building it yourself.

my 2c, tim.

> I haven't used it for a while, but try IPCOP - http://www.ipcop.org/
>
> Wilson
>
> -----Original Message-----
> From: listbounce_at_securityfocus.com
> [mailto:listbounce_at_securityfocus.com] On Behalf Of Damian
> Sent: Sunday, 11 January 2009 11:54 AM
> To: Sec-Basics
> Subject: firewalls
>
> So I need some advice on firewall security. I use ubuntu servers at
> work and am very comfortable with debian. At work we have a cisco
> piz
> firewall....however another smaller company we help doesn't have the
> budget or staff for a pix firewall. I was considering using a
> distro
> like redwall or smoothwall and was wondering if anyone had any
> experience with dedicated distros like these. Also do these distros
> offer better security then larger installations?
>
>
> Message protected by MailControl: e-mail anti-virus, anti-spam and
> content filtering.
> http://www.mailcontrol.com
> 

-- 
The code that never executes at all is the fastest.
Received on Jan 14 2009
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]