Re: Question about CyberGuard

["Icefox@Home" <e () techie com>]

Dear Gibson,

I personally have no experience with Cyberguard so can't comment on that.
However, I do interest in your point about NT shop with UNIX as firewall. I
think this is kind of philosophical question when we are going to discusss
whether UNIX is a better platform for Firewall. I must say my personal
preference is UNIX for its history in the field and easily accesible to
source code. This mean the OS is well tested and source code accessibility
means exploit can be fixed quickly. However, from a management standpoint,
NT is more easy to use (doesn't mean more easy to manage). My major concern
with NT as a firewall platform is mainly due to it newness and mystery in
its TCP/IP stack. You can always expect additional bugs when some bugs is
being fixed my MS.

By accident, I find a product called Watchguard Firebox. It seems to me the
best of the both world. The design of this product is rather neat. This
company has intelligently separate the configuration and management portion
of a UNIX Firewall from its operating system. It comes with a set of
management software which can run on Win95, Win NT 4.0 and also Red Hat
Linux. You can do the configuration in the familiar Windos GUI. Once
configuration is finished you activate a firewall creation function which
will eventually generate a FLOPPY disk with a less than 400K firewall kernel
and its configuration file in the floppy disk. You then use that floppy disk
to boot up the hardware device that COME with this solution. This s/w + h/w
approach, take away a lot of cost in actually owning a firewall. You see, I
don't need to care about NOS admin, server backup, NOS software upgrade.
Very neat. The firewall kenel is actually a Linux OS with all the uncessary
network service disbled.

I would highly recommend you to have a look at that product.

Emmanuel

Gibson, Brian wrote:

>  I have read several reviews of many of the commercial firewall products
> but I have not seen any reviews or comments about CyberGuard here. Could
> anyone tell me whether this is a solid product. I have been given the
> task of implementing a firewall system for my company but I really am
> just a beginner in the field of security or Unix for that matter.
>  We decided to go with CyberGuard, although we are a mostly NT shop, we
> felt that it was necessary to go a Unix box for a firewall. The trouble
> is that we don't have a lot of Unix experience in the office and we
> aren't likely to get any in the near future. Are there any known holes
> with this system that I should know about?
>  It is up to me to learn a lot more about Unix, specifically SCO, in a
> very short time. Does anyone know of a good book to give a solid
> fundamental understanding of Unix concepts? Not so much the commands but
> the structure and conceptual design of a Unix system. I doubt I will be
> able to get a SysAdmin course from my company so that option is not
> available. Any help would be greatly appreciated.
>
>  I realize that these questions are not truly on topic and perhaps this
> post qualifies as noise but I felt that I would get a much more
> qualified answer here than in a newsgroup for instance. Thanks for any
> help.
>
>  Brian Gibson