Educause Security Discussion mailing list archives
Re: PIX/AS Vs. Linux/IPtables
From: Joe Vieira <jvieira () CLARKU EDU>
Date: Wed, 30 Sep 2009 11:58:31 -0400
The thing to consider is that it's always good to have multiple layers. So if you're securing hosts (prolly a lot of Linux hosts) behind a dedicated firewall (Linux or ASA), it's not a bad idea to have a different OS / device in the mix. Right, so if there is some HUGE misconfiguration in your 'standard' Linux firewall, or some HUGE bug in IPTABLES, having a different device will reduce your risk. While ASAs run Linux, it's a different setup with a lot of different configurations on it than a normal IPTABLES setup.

-Joe

Justin Azoff wrote:
> On Wed, Sep 30, 2009 at 10:33:55AM -0500, HALL, NATHANIEL D. wrote:
>> I would disagree with your statements. PIX/ASA devices still have an OS so they could be compromised just like a Netfilter host. If the Netfilter firewall is standalone, just as the PIX/ASA, then you could easily secure it.
>
> And the ASA is actually just a Linux box, so you're really comparing apples to.. apples :-)