Home page logo

nanog logo nanog mailing list archives

RE: Microsoft to ship new versions with firewall enabled
From: Scott McGrath <mcgrath () fas harvard edu>
Date: Thu, 14 Aug 2003 13:07:07 -0400 (EDT)

The checkpoint and Pix Boxen are what we use here.  But we also use
ipchains to secure things at a host level.

                            Scott C. McGrath

On Thu, 14 Aug 2003, Drew Weaver wrote:

ipchains and similar firewalls are indeed far superior.  I manage "real"
firewalls as part of my responsibilities.

However the new microsoft policy will help protect the network from Joe
and Jane average who buy a PC from the closest "big box" store and hook it
up to their cable modem so they can exchange pictures of the kids with the
grandparents in Fla.  This is the class of users who botnet builders dream
about because these people do not see a computer as a complex system which
_requires_ constant maintenance but as a semi-magical device for moving
images and text around.


I don't believe that many people really see ipchains as a real viable
firewall. I think it is awesome, but in many corporations simply mentioning
it gets you a stern eyeing. Of course these corporations can spend tons of
money on Checkpoint and PIX boxen.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]