lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <002801c1da41$06ef25b0$6300a8c0@LUFKIN.DPSOL.COM>
From: purdy at tecman.com (Curt Purdy)
Subject: Linux firewall

Considering that you can get a cisco 501 for around $500 and as long as you
don't have internal servers, is pretty much plug and play with it's 3rd
generation gui interface, it's pretty hard to beat for the SMB market.  The
gui even makes internal server natting pretty simple.

Curt

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Michael
Bergbauer
Sent: Thursday, June 19, 2003 5:11 AM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Linux firewall


On Wed Jun 18, 2003 at 04:4525PM -0400, Spencer, Gary  TRI-S INC wrote:
> Hello everyone. I have been following the discussions for a few months now
> and enjoy the technical information that everyone has to share. What would
> your recommendations be for a Linux firewall? And would you use a 50,000
> Cisco firewall instead??

As most others already pointed out, you have a wide variety of
possibilities to choose, and it is very hard to give some
recommandations, especially as none of the readers here has the
necessary background knowlegde about what you want to protect and
against which kind of attackers.

Step back and think about it. A firewall is not a piece of hardware,
but a sheet of paper that contains information about your threats, how
dangerous they are, how likely they will occur, and how you want to
protect against them. This last part can be achieved by simply not
connecting your network to any public network, because you can't protect
it sufficently, or you can rely on something called a packet filter, or
application level gateways.

When your security concept contains something called commonly
"firewall", you have to decide which one to choose. As I already
mentioned, there are lots of different solutions available, from very
cheap ones to very expensive ones, and you have to consider a lot of
factors. I hardly can suggest using a linux box if you (or anyone at
your site) has no or not much expirience with linux at all. Chances are
very likely that you can't achieve what you want to, and instead, a
Cisco box, though much more expensive can be a better protection,
especially when you are very experienced with that systems already.

Hope this helps

--
Michael Bergbauer <michael@...ame.franken.de>
use your idle CPU cycles - See http://www.distributed.net for details.
Visit our mud Geas at geas.franken.de Port 3333
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ