Security Basics mailing list archives

RE: suggestions on a good firewall


From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 21 May 2003 09:45:15 -0700

  No matter how much you harden it, a GENERAL PURPOSE operating
system includes, as a fundamental feature, the ability to load
and execute binary modules which perform arbitrary operations.
  A special-purpose OS, such as that in the Cisco PIX, or the
firmware built into most NetScreen products, can completely
dispense with this feature (or at least cripple it much more 
thoroughly).

  The result is that there is a whole class of attacks to which
a firewall hosted on an improperly/insufficiently hardened GP
OS might be subject, which can only threaten a firewall on an
SP OS if the firewall's creators are terribly incompetent.

  One might, with due diligence and a competent admin, conclude
that this threat is small enough to ignore in any specific
installation, and GP OS firewalls remain a very cost-effective 
option when that is the case.
  But if you won't or can't do that evaluation, and have to 
choose an all-round "best" -- which may also mean that you don't
have much leverage to keep others from loading additional 
applications on a GP OS box "to save money" -- then SP
("hardware") is the way to go.

David Gillett


-----Original Message-----
From: Dan.Hemphill () warehouse com [mailto:Dan.Hemphill () warehouse com]
Sent: May 21, 2003 08:45
To: jeffr76 () yahoo com; security-basics () securityfocus com;
bloodk () prodigy net mx
Subject: RE: suggestions on a good firewall


What the people ragging on Linux firewalls don't realize is that it is
indeed a hardware firewall, as it runs on its own dedicated hardware.  If
you were to buy a Linksys, Netgear, or even something more expensive like
Cisco, those are hardware firewalls too, but they STILL run an embedded
operating system.  A software firewall is a piece of software that runs on
the host it's trying to protect, such as Zone Alarm, for example.

I look forward to hearing the reasons (read: factual evidence) that state
why a Linux firewall such as Smoothwall or Astaro is a bad idea(tm).

-Dan

-----Original Message-----
From: Jeff [mailto:jeffr76 () yahoo com]
Sent: Tuesday, May 20, 2003 12:36 PM
To: security-basics () securityfocus com; Ing Bernardo Lopez
Subject: Re: suggestions on a good firewall


ok I'll bite
Why is Linux or the others in this thread a bad idea as a firewall? I see
you would recommend a hardware firewall. Does this mean like a Linksys or
Netgear or Raptor or one of those type of LINUX based firewall systems?
I have deployed Linux, Cisco, and Raptor based firewalls and the difference I
have seen is support and cost.
Linux being the less cost and Cisco being the most.
If it was my network and I was making the security policy I would choose
Linux or Raptor; Cisco is just too much money for a personal or small company
network.
just my .02
Jeff
----- Original Message ----- 
From: "Ing Bernardo Lopez" <bloodk () prodigy net mx>
To: <security-basics () securityfocus com>
Sent: Monday, May 19, 2003 4:49 PM
Subject: Re: suggestions on a good firewall


Yea, Linux as a firewall is poorer than Microsoft, better use OpenBSD or buy
a hardware firewall... don't be a poor freak guy...

On Saturday 17 May 2003 12:07, kerberus wrote:
Please get a real Firewall use OpenBSD and PF

On Fri, 2003-05-16 at 14:50, Tom Sevy wrote:
I 2nd ipcop as a suggestion...

-----Original Message-----
From: Mike Moore [mailto:mike () moorecomputing net]
Sent: Thursday, May 15, 2003 7:14 PM
To: security-basics () securityfocus com
Subject: RE: suggestions on a good firewall


Or even better www.ipcop.org . A lot better support and no abuse.

-----Original Message-----
From: Dan Tesch [mailto:dantel () rb-group com]
Sent: Wednesday, May 14, 2003 1:37 PM
To: Beaney, Derek; security-basics () securityfocus com
Subject: Re: suggestions on a good firewall


Try www.smoothwall.org

Beaney, Derek wrote:
I'm planning on making a firewall for my home system.. I am running
windowsXP / SuSE 8.1 dual boot. What I want to do is set up another
computer to act as a firewall for my main system. What I want this to
do is to be able to control what enters and leaves my system with a
way to set up permissions. Preferably I would like to have a firewall
running on either a Linux or Unix os ... no m$ =) tia

---------------------------------------------------------------------------
Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes:  Security +, Check Point,
Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
--UP TO 30% off classes in select cities--
http://www.securityfocus.com/Vigilar-security-basics
----------------------------------------------------------------------------


