Security Basics mailing list archives
RE: Novice asks "OpenBSD best firewall?"
From: "DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>
Date: Thu, 17 Jun 2004 06:56:50 -0700
"Best" sort of verges on the topic of religion but, yes, OpenBSD and PF (the OpenBSD packet filter) would be an excellent choice." PF is an excellent firewall choice and easier to configure than most command line based firewalls. Easier to configure usually means reduction in mistakes and therefore more secure than most. Plus, the functionality of the firewall makes it indeed powerful. Although PF is an excellent firewall, nothing is perfect and do not expect absolute security from just the firewall. Remember the key to information security is about defense in depth or layered security with continuous fine comb tuning and monitoring. PF is a great first step to defense and depth and I have used PF in the past. I recently decided to use IPFW2 at home to test it out. Fwbuilder is an excellent open source tool that allows you to configure your pf firewall with objects and through a GUI which in turn further decreases the chances of errors in firewall configuration. http://sourceforge.net/projects/fwbuilder/ Here is the guide to pf and it is very straight forward. The firewall configuration example is great after some tweaking to accommodate your network. If you are not familiar with pf and/or firewall configuration, I would start with the example and improve your skills and configuration from there. http://www.openbsd.org/faq/pf/index.html Regards, Greg DeGennaro Jr., CISSP, CCNP Systems Engineer "Network Security is Y2K without the deadline" - Network Security Secrets and Solutions 1999 --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Re: Novice asks "OpenBSD best firewall?", (continued)
- Re: Novice asks "OpenBSD best firewall?" die tuere (Jun 15)
- RE: Novice asks "OpenBSD best firewall?" Scot Turner (Jun 15)
- Re: Novice asks "OpenBSD best firewall?" Greg Tracy (Jun 15)
- Re: Novice asks "OpenBSD best firewall?" Times Enemy (Jun 16)
- Re: Novice asks "OpenBSD best firewall?" hideo (Jun 17)
- Re: Novice asks "OpenBSD best firewall?" T Shawn Knisely (Jun 15)
- Re: Novice asks "OpenBSD best firewall?" [Lukasz.Sztachanski] (Jun 16)
- RE: Novice asks "OpenBSD best firewall?" Boaz (Jun 21)
- RE: Novice asks "OpenBSD best firewall?" Malik Khan (Jun 16)
- RE: Novice asks "OpenBSD best firewall?" DeGennaro, Gregory (Jun 17)
- RE: Novice asks "OpenBSD best firewall?" DeGennaro, Gregory (Jun 17)