Security Basics mailing list archives

RE: firewalls

From: "Tim Clewlow" <tim () clewlow org>
Date: Wed, 14 Jan 2009 17:57:09 +1100 (EST)


I use FreeBSD with pf. Rock solid security. Cannot be cracked by any
means, many have tried, my logs are full of failed attempts by slack
script kiddies, zombie armies, and a couple of more capable
attempts. I have also tried monowall, smoothwall, ipcop, but
honestly I never feel as secure  with those, I'm sure they are good
enough, but I like to be certain. And rolling my own setup with a
minimal install of a BSD and then edit my own pf.conf means I
**know** it is secure. Also, rolling your own means you can build
auto IDS mechanisms to honeypot the little bastards for a while
before terminating the connection - and then automagically add them
to a blacklist for kicks. Lastly rolling your own means you can
setup proper bandwidth shaping by mixing and matching protocols, ips
and priorities - so you can configure the QOS  of these things to
match up with your particular company's intranet layout. The distro
firewalls are never going to be up to the same high standard, they
are like winblows products, a bare minumum firewall setup that will
suffice for many common basic network layouts. But if you really
want to create a high end firewall, I believe you can only do that
by building it yourself.

my 2c, tim.

I haven't used it for a while, but try IPCOP - http://www.ipcop.org/

Wilson

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Damian
Sent: Sunday, 11 January 2009 11:54 AM
To: Sec-Basics
Subject: firewalls

So I need some advice on firewall security. I use ubuntu servers at
work and am very comfortable with debian.  At work we have a cisco
piz
firewall....however another smaller company we help doesn't have the
budget or staff for a pix firewall.  I was considering using a
distro
like redwall or smoothwall and was wondering if anyone had any
experience with dedicated distros like these.  Also do these distros
offer better security then larger installations?

Message protected by MailControl: e-mail anti-virus, anti-spam and
content filtering.
http://www.mailcontrol.com



-- 
The code that never executes at all is the fastest.

Current thread:

firewalls Damian (Jan 12)
- RE: firewalls Emilio Morla (Jan 12)
- Re: firewalls xgermx (Jan 12)
- Re: firewalls H. Kurth Bemis (Jan 12)
- Re: firewalls Rick Rune (Jan 12)
  - Re: firewalls Benjamin Langtry (Jan 13)
- Re: firewalls pUm (Jan 13)
- <Possible follow-ups>
- Re: firewalls stcroix111 (Jan 12)
  - Re: firewalls Morgan Reed (Jan 13)
- RE: firewalls Wilson (Jan 13)
  - RE: firewalls Tim Clewlow (Jan 14)
- Fw: firewalls john . b . williams (Jan 14)