Firewall Wizards mailing list archives
Re: Firewall comparison
From: Bennett Todd <bet () newritz mordor net>
Date: Fri, 26 Feb 1999 17:43:43 +0000
1999-02-25-13:29:00 Radovan Semancik:
What info exactly are you interested in? Security? Pereformance? Design and technology issues? Implementation features and bugs?Design and technology. That's the thing that changes very slowly and has a major influence on overall security and performance.
I've gotta agree on that. These days, the design and technology that seems to me to make the best firewalls for many, perhaps most settings, are a good well-supported Open Source Unix-like OS like Linux or one of the free BSDs, together with a suitable mix of proxies for your needs (e.g. TIS fwtk, smtpd, plugdaemon, rinetd, qmail, squid), all nicely reinforced with some nice packet filtering like ipfw or ipfilter. The technology here isn't a big step from the oldest firewalls, mostly just adding the packet filtering reinforcement, but it's still the best. Packet filtering firewalls like the FW1 and the Pix are nice as somewhat sturdier replacements for screening routers, but for serious protection I'd rather have data streams getting proxied at the top of a nice solid IP stack and regenerated as nice shiny new packets, rather than having dirty packets from the outside passed right through by a filter. -Bennett
Current thread:
- Firewall comparison Radovan Semancik (Feb 24)
- Re: Firewall comparison -=ArkanoiD=- (Feb 25)
- Re: Firewall comparison Radovan Semancik (Feb 25)
- Re: Firewall comparison Bennett Todd (Feb 26)
- Re: Firewall comparison Radovan Semancik (Feb 25)
- <Possible follow-ups>
- RE: Firewall comparison Matt Lotz (Feb 25)
- Re: Firewall comparison Laurent LEVIER (Feb 25)
- Re: Firewall comparison ark (Feb 25)
- RE: Firewall comparison Jeff Bewley(Exch) (Feb 26)
- re: Firewall Comparison cschuttg () winning-strategies com (Feb 26)
- Re: Firewall comparison -=ArkanoiD=- (Feb 25)