Firewall Wizards mailing list archives
Re: Question about CyberGuard
From: "Icefox@Home" <e () techie com>
Date: Wed, 24 Dec 1997 01:06:14 +0800
Dear Gibson, I personally have no experience with Cyberguard so can't comment on that. However, I do interest in your point about NT shop with UNIX as firewall. I think this is kind of philosophical question when we are going to discusss whether UNIX is a better platform for Firewall. I must say my personal preference is UNIX for its history in the field and easily accesible to source code. This mean the OS is well tested and source code accessibility means exploit can be fixed quickly. However, from a management standpoint, NT is more easy to use (doesn't mean more easy to manage). My major concern with NT as a firewall platform is mainly due to it newness and mystery in its TCP/IP stack. You can always expect additional bugs when some bugs is being fixed my MS. By accident, I find a product called Watchguard Firebox. It seems to me the best of the both world. The design of this product is rather neat. This company has intelligently separate the configuration and management portion of a UNIX Firewall from its operating system. It comes with a set of management software which can run on Win95, Win NT 4.0 and also Red Hat Linux. You can do the configuration in the familiar Windos GUI. Once configuration is finished you activate a firewall creation function which will eventually generate a FLOPPY disk with a less than 400K firewall kernel and its configuration file in the floppy disk. You then use that floppy disk to boot up the hardware device that COME with this solution. This s/w + h/w approach, take away a lot of cost in actually owning a firewall. You see, I don't need to care about NOS admin, server backup, NOS software upgrade. Very neat. The firewall kenel is actually a Linux OS with all the uncessary network service disbled. I would highly recommend you to have a look at that product. Emmanuel Gibson, Brian wrote:
I have read several reviews of many of the commercial firewall products but I have not seen any reviews or comments about CyberGuard here. Could anyone tell me whether this is a solid product. I have been given the task of implementing a firewall system for my company but I really am just a beginner in the field of security or Unix for that matter. We decided to go with CyberGuard, although we are a mostly NT shop, we felt that it was necessary to go a Unix box for a firewall. The trouble is that we don't have a lot of Unix experience in the office and we aren't likely to get any in the near future. Are there any known holes with this system that I should know about? It is up to me to learn a lot more about Unix, specifically SCO, in a very short time. Does anyone know of a good book to give a solid fundamental understanding of Unix concepts? Not so much the commands but the structure and conceptual design of a Unix system. I doubt I will be able to get a SysAdmin course from my company so that option is not available. Any help would be greatly appreciated. I realize that these questions are not truly on topic and perhaps this post qualifies as noise but I felt that I would get a much more qualified answer here than in a newsgroup for instance. Thanks for any help. Brian Gibson
Current thread:
- Question about CyberGuard Gibson, Brian (Dec 03)
- Re: Question about CyberGuard Icefox@Home (Dec 23)
- <Possible follow-ups>
- RE: Question about CyberGuard David Bonn (Dec 24)
- WatchGuard Firebox was RE: Question about CyberGuard Mark Teicher (Dec 25)