Re: COmpare Firewalls

["Ryan Russell" <Ryan.Russell () sybase com>]

Let me start of with the statement that I'm not a fan of MSProxy,
for reasons I won't go into here, but...

> I am trying to convince the people in the IT dept. here that they should get
> rid of the Microsoft Proxy which is now the only "buffer" between our network
> (192.168.*) and the internet and to get a firewall.

It is a firewall.  It's got packet filtering and proxying.  That's as classic
a definition of firewall as you're going to get.

> My questions are: 1. Can anybody point me to a site with some information
> about the poor reliability/security/etc. of M$ Proxy?

Not aware of any at present, sorry.  As a general information source,
check out:

http://proxyfaq.networkgods.com/

Perhaps you can infer something to support your position from the
number of bugs and patches there has been for the product.

<snip>

> and 3. I'm trying also to promote
> LINUX (RH6.0 with ipchains) as a temporary solution; can anybody point me to a
> site where I can find "tons" of information (especially advantages) of using
> LINUX ? ( success stories, important companies using LINUX as a firewall
> etc...).

Many veterans of the SPF vs. Proxy wars will tell you that MSProxy (modulo
any bugs) ought to be more secure than ipchains, which is more-or-less a
stateful packet filter (SPF).

If MSP is currently meeting your functional needs, you should probably look
at equivalent proxy based commercial products (or perhaps even free
stuff like FWTK.)  Probably on top of *nix from what I'm reading in your note.

                              Ryan