Security Basics mailing list archives

Re: suggestions on a good firewall

From: salgak () speakeasy net
Date: Tue, 20 May 2003 16:40:24 +0000

-----Original Message-----
From: Mark Ng [mailto:laptopalias1-mark () informationintelligence net]
Sent: Tuesday, May 20, 2003 04:11 PM
To: security-basics () securityfocus com
Subject: RE: suggestions on a good firewall

Moderator:  Please feel free to completely disregard this mail if you think
I am being too harsh.  Thanks.

It's useful when expressing opinions to justify them.

Each solution generally has it's own merits and disadvantages.  Childish
behaviour such as "get a real" "x is better than x"(without any
justification) is just a waste of everyones time.  There are people on this
list who are genuinely trying to learn about security - these people need
justifications, not religious fervour or fanboyism.


Agreed.

A Windows box, properly locked down, can be a reliable firewall.  Locking it down can be a chore, a much easier chore 
with Win2003 server, but still takes some expertise and finesse.  I prefer hardware firewalls with a firmware basis, as 
they're harder to exploit, but many brands have reliability issues.  I'm currently running Checkpoint and Gauntlet on 
Solaris, but this is a production environment I've inherited.

For a good, relatively inexpensive firewall, I'd recommend the Linux-Mandrake firewall solution, running on commodity 
Intel hardware.  Simple to set up, fairly easy to run, easy to maintain.

The REAL question to ask when picking a firewall is really two questions:

1. What sort of threats am I defending against ?

2. What can my sysadmin handle ?  A Junior MCSE handed a Slackware IPChains box is not going to be terribly effective, 
as an example. ..



---------------------------------------------------------------------------
Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes:  Security +, Check Point,
Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
--UP TO 30% off classes in select cities--
http://www.securityfocus.com/Vigilar-security-basics
----------------------------------------------------------------------------

Current thread:

Re: suggestions on a good firewall, (continued)
- - - Re: suggestions on a good firewall Jeff (May 23)
    - RE: suggestions on a good firewall Jason Dixon (May 26)
    - RE: suggestions on a good firewall Mark (fat) (May 21)
    - RE: suggestions on a good firewall Daniel B. Cid (May 22)
    - RE: suggestions on a good firewall silvia ghezzi (May 22)
    - RE: suggestions on a good firewall lassal (May 23)
    - Re: suggestions on a good firewall Andreas Happe (May 22)
    - RE: suggestions on a good firewall Daniel R. Miessler (May 21)
    - RE: suggestions on a good firewall Jon Pastore (May 30)
- RE: suggestions on a good firewall Dan . Hemphill (May 19)
- Re: suggestions on a good firewall salgak (May 21)
  - RE: suggestions on a good firewall Mark Ng (May 21)
- Re: suggestions on a good firewall salgak (May 21)
  - RE: suggestions on a good firewall dave (May 22)
  - Re: suggestions on a good firewall planz (May 22)
- RE: suggestions on a good firewall Dan . Hemphill (May 21)
  - RE: suggestions on a good firewall Jim Barrett (May 22)
    - RE: suggestions on a good firewall Des Ward (May 23)
  - RE: suggestions on a good firewall David Gillett (May 22)
- RE: suggestions on a good firewall Mike Heitz (May 22)
- RE: suggestions on a good firewall Potter, Tim (May 22)

(Thread continues...)