Security Basics mailing list archives
Re: Firewall recommendations?
From: "Bryan S. Sampsel" <bsampsel () libertyactivist org>
Date: Mon, 10 Mar 2003 15:10:18 -0700
I've worked with Netscreen, PIX, Borderware, Linux IPCHAINS, Linux IPTABLES, Firewall Toolkit, Socks, and Raptor...not to mention the SOHO products like Netgear.
Of these products, Netscreen blew the most smoke up the customer's butt. The device was supposed to load balance for our web servers. Turned out, after cornering Netscreen, that feature wasn't working like advertised. This was a $10K product. The interface was counter-intuitive if you've worked with other firewall products.
PIX is a good first layer firewall. I'd use it as the layer just past the router.
Linux IPTABLES (kernel 2.4.x) is good like the PIX. Same use as far as I'm concerned.
Firewall toolkit was great in its day. Unfortunately, many of its proxies are not maintained by TIS since NAI bought TIS. It was also not transparent.
Socks was good, and at one point, free.
Raptor was OK. Decent application proxy firewall...don't remember if it did stateful packet or not though.
Borderware is based on a hardened BSDi, so it runs on Intel hardware. This is an amazing product. Efficient, secure, and robust. It also holds security ratings that none of the others do. This is my first choice for application proxy protection.
Ideally, you'd layer packet filtering (some non-stateful at the router and stateful at the PIX or Linux box), and place your application firewall behind that, protecting your systems on the application layer from various attacks. Another side benefit of application proxy servers like Raptor and Borderware is that you can put a bandwidth throttle on things like streaming audio/video.
Hope this helps,
bryan

rdusek () myway com wrote:
I am in charge of researching a firewall to replace what we currently have. At my previous job I had used Microsoft ISA in a low-security environment, and was happy with its features, and its integration with the Windows environment there. However, at my current job, security is a much greater concern, and I have to admit,
*snipped*
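The stateful middle layer of the layered design described in the message above, sketched as an `iptables-restore` ruleset for a Linux 2.4+ box. This is an added example, not part of the original post; the interface names, the proxy address 192.0.2.10 (a documentation address) and the single HTTP service are assumptions.

```iptables
# Constructed example: stateful packet filter sitting between the border
# router (which does the coarse, non-stateful filtering) and the
# application proxy firewall.
# Assumed layout: eth0 faces the router, eth1 faces the application proxy
# at 192.0.2.10.
*filter
# Default-deny for traffic to the firewall itself and through it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Loopback traffic on the firewall host.
-A INPUT -i lo -j ACCEPT
# Replies to connections the firewall host itself opened.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Packets that belong to no tracked connection are dropped first. A
# non-stateful router ACL cannot make this distinction.
-A FORWARD -m state --state INVALID -j DROP
# Return traffic for connections already admitted, in either direction.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# New inbound connections may reach only the application proxy, only on
# HTTP, and only when they start with a SYN.
-A FORWARD -i eth0 -o eth1 -p tcp -d 192.0.2.10 --dport 80 --syn -m state --state NEW -j ACCEPT
# New outbound connections are accepted only when the proxy originates
# them, so internal hosts cannot bypass the application layer.
-A FORWARD -i eth1 -o eth0 -s 192.0.2.10 -m state --state NEW -j ACCEPT

# Rate-limited log of everything else before the default DROP policy applies.
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
COMMIT
```

`iptables-restore --test` parses a file like this without committing it, which catches syntax errors before the ruleset is loaded.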