Firewall Wizards mailing list archives
Re: Firewall Throughput
From: Chris Calabrese <christopher_calabrese () merck com>
Date: Tue, 12 Sep 2000 13:35:46 -0400
From everything I've heard, the PIX (and the NetRanger) are based on a stripped down version of Solaris x86. Therefore, Cisco has definitely crossed the line in claiming that PIX is not based on a Unix system.

Darren Reed wrote:
> In some email I received from Patrick Darden, sie wrote:
> > Darren, "Cisco push it along the lines of 'you don't want unix/windows on your firewall because they're crashable'"
> >
> > I would like to know where they state that. It would be pretty hypocritical as the PIX has a Unix based OS (Plan 9).
>
> http://www.cisco.com/univercd/cc/td/doc/pcat/fw.htm
>
> Look for the words "Non-Unix" (strictly speaking, this *is* true even if it is Plan 9). They're different, they need a marketing angle, they drive it.
>
> > "You damn well don't want a router as a firewall"
> >
> > I don't know of many firewalls that aren't routers as well, that includes the IP Filter you seem to like so much and even the BSD-based NOKIA running Checkpoint FW1. Application-layer proxy based firewalls usually aren't routers, but otherwise...
>
> Router = thing which tftp's boot images, does BGP4, has no hard disk, etc. Or to put it more succinctly in this thread, a Cisco 1234 thing. You don't use unix boxes to do routing when you're serious about routing and likewise you shouldn't use routers to do firewalling when you're serious about firewalling. If I'm really serious about security then I *will* use/recommend a proxy firewall, even in addition to anything else which is there. There are some things they offer which just can't be matched, in terms of security, by any packet-filtering based firewall.
>
> > "I *refuse* to believe that Linux is a reliable/secure platform"
> >
> > No offense, but I have Solaris, BSD, AIX, and Linux running here--and all of them are stable and reliable. I had one hard-used Linux server running for almost 2 years before I recently took it down for some upgrades.
>
> Do yourself a favour and stay ignorant of the development methodology that goes on "behind the scenes" with Linux. What are they now, 2.4.pre34-test83, and still making major architectural changes inside it. That's *insane*. Sure, Solaris is stable, but you can't strap it down as securely as you can BSD, plus you get source code for BSD.
>
> Darren
> _______________________________________________
> Firewall-wizards mailing list
> Firewall-wizards () nfr net
> http://www.nfr.net/mailman/listinfo/firewall-wizards