Educause Security Discussion mailing list archives
Re: PIX/AS Vs. Linux/IPtables
From: "HALL, NATHANIEL D." <halln () OTC EDU>
Date: Wed, 30 Sep 2009 10:33:55 -0500
I would disagree with your statements. PIX/ASA devices still have an OS so they could be compromised just like a Netfilter host. If the Netfilter firewall is standalone, just as the PIX/ASA, then you could easily secure it.

As for mistakes being made by the admin, that can happen with any system. It is not limited to Netfilter. It all depends on how you configure it.

--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Network Security System Administrator
OTC Computer Networking

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Dobbins
Sent: Wednesday, September 30, 2009 5:42 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] PIX/AS Vs. Linux/IPtables

Not offhand, but I can offer this advantage over iptables (presuming you mean in-host filtration, versus using Linux as a standalone external filter system):

The ASA being separate reduces the chances of a mistake by a sysadmin in adjusting the filter, or a compromised machine being able to adjust its own filter rules.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of ron behrang
Sent: Tuesday, September 29, 2009 10:38 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] PIX/AS Vs. Linux/IPtables

Hello,

Does anyone know of a good paper on the merits of using PIX/ASA instead of using Linux/iptables?

Thanks
Ron