Firewall Wizards mailing list archives
RE: Hardware vs. Software firewall reliability
From: "Garrahan, Kelvin" <Kelvin.Garrahan () compaq com>
Date: Wed, 15 Sep 1999 17:45:24 +0100
Hi,

I agree with the process of hardening the NT Server that the Firewall should sit on. This goes for other systems that I would layer a Firewall onto. I know I would probably be laughed off the discussion group, but one thing I liked about AltaVista firewall is that it automatically went through a lot of the hardening NT processes when it is being installed. Another thing: when installed, it comes up in a secured state, unlike Firewall-1. I am currently working on a script that automates the majority of the NT hardening tasks, "playing with the registry stuff". There are some good links on phoneboy.com to hardening NT specifically for Firewall-1.

I am not saying that AltaVista is better than Firewall-1, but I think that the main issue surrounding the deployment of Firewall-1 is that it is too easy to set up in an unsecured manner. This may be true for other Firewalls; I am sure we all have opinions on that one.

One thing that I am doing now on NT machines that I am preparing for a Firewall is to run a scanner on the machine, i.e. ISS or CyberCop. It may be overkill, but I like to do it as a quality check before I install the Firewall.

With hardware Firewalls, do we take it for granted that they are secured at the OS level? Nokia's IP Firewall range, to the best of my knowledge, has not received the ITSEC certification. This leads me to a concern: as we know, with "Hardware Firewalls" like PIX and Nokia, they basically run on a proprietary OS, or a cut-down version like Nokia's FreeBSD. Surely there exist weaknesses in these systems; while they may not be widely known like Unix or NT cracks, an elite few may be able to leverage them to compromise a system. I guess this is a strong reason for looking towards an IDS system to monitor what traffic is heading towards and through your Firewall!

regards
Kelvin
Compaq Network Services Security Consultant.