Firewall Wizards mailing list archives
FW appliances, open source, and the value of a name
From: kadokev () msg net
Date: Wed, 31 Jul 2002 22:58:13 -0500 (CDT)
> I guess this is where something like overall Total Cost of Ownership (TCO) really comes into play. I like the functionality that open source platforms offer, and the price/performance ratio can't be beat,
When you start talking about "gigabit firewalls" and beyond, the equation changes as you get into ASIC solutions for which there is no "open source" equivalent.

Another issue I have run into with a number of (Linux-based) security appliances is that the core functionality may be implemented in a secure fashion, yet other tools included from the Linux distribution expose a remote compromise. Often there are daemons left running only because the default (Red Hat, etc.) distribution shipped with them enabled!

I've published (a tiny subset of the many) remote compromises I have found related to various "Linux-based appliance" commercial products; commonly this is due to the use of "free" open source administration tools (HTTPd, SSHd, etc.). Or the vendor has deployed an outdated version with a known hole, and often the vendor and/or users are slow about software updates for an "appliance" product. And Microsoft is not the only vendor suspected of holding back on security announcements to avoid losing face by publishing a patch immediately after a new release.

I've also found a few instances where the software itself is secure, but the vendor has made a simple configuration error in their default build, replicated on every unit shipped.
> but my main interest was in regards to all the hype around the PIX, and was there really anything that set it apart from other firewall solutions when it came to right down to the hardware. Again, thanks for all the feedback, and it's good to be back on this list.
I haven't really seen any hype around the PIX, and I have one of the first models sitting on a shelf gathering dust. Most network admins realize (especially if you've seen one of the older models) that there is nothing special about the hardware, and that a large part of the price of a PIX is the Cisco name and the IOS-like administrative interface.

Kevin Kadow
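The post's point about daemons left listening only because the base distribution enabled them can be checked mechanically on a Linux-based appliance. The following Python script is an added example, not part of the original post: it compares `ss -H -tlnp` output against an allowlist of services the product is meant to expose. The sample output, the `INTENDED` set and the function names are all constructed assumptions.

```python
import re

# Constructed sample of `ss -H -tlnp` output from a hypothetical appliance.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 *:443 *:* users:(("httpd",pid=901,fd=4))
LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=700,fd=7))
LISTEN 0 128 [::]:111 [::]:* users:(("rpcbind",pid=650,fd=5))
LISTEN 0 100 192.0.2.10:25 0.0.0.0:* users:(("sendmail",pid=777,fd=4))
LISTEN 0 64 0.0.0.0:2049 0.0.0.0:*
"""

# Hypothetical allowlist: the only (process, port) pairs the product should expose.
INTENDED = {("sshd", 22), ("httpd", 443)}

LOOPBACK = re.compile(r"^(127\.|\[?::1\]?$)")
PROC = re.compile(r'\("([^"]+)",pid=\d+')


def parse_listeners(ss_output):
    """Yield (address, port, process) for each LISTEN line of ss output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition handles IPv6 literals such as [::]:111 correctly.
        addr, _, port = fields[3].rpartition(":")
        m = PROC.search(fields[5]) if len(fields) > 5 else None
        # Kernel-owned sockets (e.g. NFS) show no owning process.
        yield addr, int(port), m.group(1) if m else "(kernel/unknown)"


def unexpected_listeners(ss_output, intended=INTENDED):
    """Return network-reachable listeners that are not on the allowlist."""
    findings = []
    for addr, port, proc in parse_listeners(ss_output):
        if LOOPBACK.match(addr):
            continue  # bound to loopback only, not reachable remotely
        if (proc, port) not in intended:
            findings.append((addr, port, proc))
    return findings


if __name__ == "__main__":
    for addr, port, proc in unexpected_listeners(SAMPLE_SS_OUTPUT):
        print(f"unexpected listener: {proc} on {addr}:{port}")
```

Running the same comparison against every firmware build before it ships also catches the case where a default-build mistake would otherwise be replicated on every unit.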