Security Basics mailing list archives

RE: Re[4]: suggestions on a good firewall


From: "Christopher Harrington" <charrington () syseng com>
Date: Fri, 23 May 2003 14:24:36 -0400



> Well, first of all, BSD is OpenSource, Cisco IOS isn't. Open Source per
> se is more secure than closed source because it delivers powerful tools
> for code quality as peer review, for example. Second, take a look at the
> security mailing lists like Bugtraq: You'll find more remote
> vulnerabilities for Cisco IOS than for OpenBSD. IMHO, that indicates a
> higher code quality regarding security issues.

You can't authoritatively say that X is more secure than Y because X is
open source and Y isn't. There is no metric to measure that; it's
personal belief / assumptions. I agree that there are more Cisco vulns
than for OpenBSD the OS, that's as long as the person setting up and
maintaining the firewall knows how to properly secure a BSD box. Think
about the services that are installed with BSD such as Apache, syslogd,
ssh which have had vulns.

With embedded OS's like on the PIX, you do not have to worry about
configuring the OS for secure operation. You still have to worry about
properly configuring the rules...as with any firewall.

It still comes down to choice. What are you comfortable with and does it
provide the level of security you desire / need.

--Chris
