Firewall Wizards mailing list archives

Re: why isn't there a newer linux fw-howto


From: "Kevin T. Shivers" <kshivers () tis com>
Date: Tue, 06 Oct 1998 11:41:22 -0400


--->> From Alfred Huger

        Much like Perry, I am somewhat partisan in this issue. This being
said, I feel this whole thing is somewhat a moot point. Any OS you deploy as
a firewall needs to be locked down, significantly. I feel it comes down to
what you're more comfortable deploying. If you're more familiar with
Linux, use it. The same is true for OpenBSD etc. At the end of the day you
still need to maintain this box and ensure it meets your needs. Use the
right tool for the right job I suppose. 

        Alfred Huger
        Network Associates Inc.

--->>


At 07:06 AM 10/6/98 -0400, Adam Shostack wrote:

      It's gotta be a system you know well.  If you know Linux back
and forth, then by all means, don't pick up *BSD because someone tells 
you it's a good firewall box.  It's nothing without knowledgeable people
to tweak it.


I have to agree with what both of you have said. The person who sent out
this thread did not know much about any of the free UNIXes, so I offered
the suggestion that they may want to look at a BSD-based system, which is
what I personally prefer. This is only my .02$, I want to let them decide.
I think Alfred is 100% right when he says you need to pick the right tool
for the job. For me that's a BSD system, and for others it's Linux. These
systems are not that secure stock, but I personally feel that the current
BSD out-of-box installs are much more secure than current RedHat installs.
Now, I'm not saying that Linux can't be secure, but I feel that any BSD
out-of-box install gives you a better starting point. Any decent firewall
box will not remain stock for very long, so the point is kind of moot. I
suggest that people play with both OS types and then decide for themselves. 

FYI, an excellent source on securing Linux systems is at:
http://www.nmrc.org/nmrcOS/ . The NMRC is working on making a secure
install of Linux for free distribution. The basic things that they do to
their kernels are things that people who want to make Linux firewalls may
want to do. 


kts


