Firewall Wizards mailing list archives

RE: Home Environment Cisco


From: "Loomis, Rip" <GILBERT.R.LOOMIS () saic com>
Date: Fri, 30 May 2003 12:27:18 -0400

List members,

I seek your advice regarding which Cisco router to choose, if any. 

I wouldn't get a Cisco for a home router.
Just get a PC with two NICs and run ipfilter on FreeBSD.
I only suggest ipf/FreeBSD since it is also available for
Solaris and can be installed on the Ultra60. Feel free to
choose pf/OpenBSD or iptables/linux depending on your 
personal preference/experience. 

Is this still firewall-wizards?

With all due respect, this answer is headed in just about
completely the wrong direction.  The original request was for
somewhat vague criteria, but reading between the lines I
would think the following list is reasonable:
  - Highly reliable (minimal moving parts other than fans)
  - Cost not particularly an object ($ork is paying)
  - Cisco probably an acceptable (maybe preferred) choice
  - Easy to configure for someone with some networking
    background, but who's not necessarily a security
    weenie

I can't find *any* of those criteria where the right answer
is "x86 or Sun Hardware + $OS + $freely-available-packet-filter".
Just because someone has an Ultra60 at home doesn't mean that
they want to use it as their firewall--in fact it's quite likely
that the father *does not* want to start mucking with the U60
development box.

IMHO, using a Cisco, any model, is not recommended simply
for cost and software update availability (security fixes),
unless you have readily available Cisco support already.

See above.  The father had already halfway-specced Cisco--
there's a good chance that the father's company which would
be paying for this is "happy" buying Cisco new, and it would
therefore come with a support agreement.

Of course, I've been using FreeBSD and linux more than
commercial firewalls for about 5 years now. If I had to
choose a Cisco though, I'd go with a used 2514; tried and
true, no fancy modules and it's not like you're going to
attach a T-1 to it, right?

I've been using Solaris, Linux, Windows, *BSD, and security
appliances for several years too.  I would agree with Ben
Nagy's recommendation (Cisco 17xx) or Wes Noonan (PIX 5xx),
or consider a Netscreen 25.  Any of those are probably
overkill--but they're all featureful, reliable, and *much*
easier to configure in my experience than iptables/pf/ipfilter.

I have no issue with advocacy, and I currently use all three
of the above $freely-available-packet-filter implementations
for Real Work...but I'd prefer we try to answer the question
asked with a more appropriate response.  Just my suggestion,
anyway.

--
Rip Loomis, CISSP, Sun Certified Security Administrator
Senior Systems Security Engineer, SAIC Enterprise Security Solutions
Brainbench MVP for Internet Security       http://www.brainbench.com