Firewall Wizards mailing list archives
RE: Firewall Throughput
From: "Robert Purdy" <liteyear () ihug co nz>
Date: Fri, 15 Sep 2000 20:26:46 +1200
Not to split hairs, but Free/Open/NetBSD aren't part of the GNU or Linux projects. They are licensed under the BSD Lic which has similarities and major differences with the GPL.
Point taken, in my haste I made a mistake.
Purely because businesses don't have the time or capital to pay someone to go over the code and check it. At least you have the option should you find the time/$$$.
Not to be disrespectful; yes, companies that are worried about security should spend the time and the money, but in reality 98% (guesstimate) of companies don't have time or money to fund something like that.
code and its exploiting it left right and center? (There is a flip side to the argument for this that there could be a hole in CP or PIX that is unreported) One should point out that the BSD derivatives and especially OpenBSD have shown themselves to have *far* fewer exploits than commercial OSes like Solaris or NT. OpenBSD hasn't had a published remote root exploit in like 3 years- even though the code is freely available. The reason for this is because the OpenBSD team *does* a security audit for all their code- they're actually quite religious about it. You might be able to argue their methodology, but you can't argue the results.
Yes, but a lot of exploits come out of poor installations and configurations. Those exploits that have been found as of the past 9-12 months have been fundamental and exploited many firewalls. There is a problem in that the closed nature of NT and Solaris means no-one audits the code that forms the fundamental building blocks of the firewall (namely the TCP/IP stack). This is where commercial firewalls fall down; hopefully the split of MS may go somewhere into rectifying this.
At least with closed code it's going to take something more than a script kiddie or someone with time on their hands to break it. Also with closed source code you're locked into the ability of the vendor to provide a fix which often takes weeks or months. Open source code from what I see tends to be fixed much quicker than commercial software.
Checkpoint had a service pack out days after the Blackhat release @ the conference. Checkpoint actually contacted the guys from Norway? and asked weeks before its release what was wrong and how they could work to fix it.
Well shouting at some tech support guy who probably doesn't know how to write a line of code him/herself may feel really good (I've done it myself) the reality is that it doesn't really help me any. I'd much rather have the email address of the author and find out what's going on (nicely). My experience has been that they are very eager to help and generally more capable than their commercial counterparts.
Well not so in my experience. My last trouble ticket with Checkpoint was in NZ for a day, escalated to Aussie the next, then US; they built the exact firewall I had and spent 2 days on the phone with me. After that it was escalated to Israel where we have been sending emails back and forth over the past month. The problem is still not resolved but this is not their fault in that they cannot replicate the problem and all data I am providing isn't pointing to anything particular. Given that responses are about a day apart but this would be the same if I was waiting for a post in a news group (that may never come).
Aaron PS. Actually I love Linux and use it all the time for just about everything, but I've got to admit that OpenBSD is the most secure OS out there, hands down.
Me too; the only reason I use NT is because customers either demand or are bound to it. Linux is what I want and do run at home. I never meant this to be a flame war about Open Source, if people feel strongly against it they should post to me and not the list.