Full Disclosure mailing list archives

Re: Linux firewall

From: Michael Bergbauer <full-disclosure () noname franken de>
Date: Thu, 19 Jun 2003 12:10:39 +0200

On Wed Jun 18, 2003 at 04:4525PM -0400, Spencer, Gary  TRI-S INC wrote:

Hello everyone. I have been following the discussions for a few months now
and enjoy the technical information that everyone has to share. What would
your recommendations be for a Linux firewall? And would you use a 50,000
Cisco firewall instead??


As most others already pointed out, you have a wide variety of 
possibilities to choose, and it is very hard to give some 
recommandations, especially as none of the readers here has the 
necessary background knowlegde about what you want to protect and 
against which kind of attackers.

Step back and think about it. A firewall is not a piece of hardware, 
but a sheet of paper that contains information about your threats, how 
dangerous they are, how likely they will occur, and how you want to 
protect against them. This last part can be achieved by simply not 
connecting your network to any public network, because you can't protect 
it sufficently, or you can rely on something called a packet filter, or 
application level gateways. 

When your security concept contains something called commonly 
"firewall", you have to decide which one to choose. As I already 
mentioned, there are lots of different solutions available, from very 
cheap ones to very expensive ones, and you have to consider a lot of 
factors. I hardly can suggest using a linux box if you (or anyone at 
your site) has no or not much expirience with linux at all. Chances are 
very likely that you can't achieve what you want to, and instead, a 
Cisco box, though much more expensive can be a better protection, 
especially when you are very experienced with that systems already.

Hope this helps

-- 
Michael Bergbauer <michael () noname franken de>
use your idle CPU cycles - See http://www.distributed.net for details.
Visit our mud Geas at geas.franken.de Port 3333
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Linux firewall Spencer, Gary TRI-S INC (Jun 18)
- Re: Linux firewall Gabe Arnold (Jun 18)
  - Re: Linux firewall David Maxwell (Jun 18)
  - Re: Linux firewall Denis Dimick (Jun 18)
    - Re: Linux firewall Michele Chubirka (Jun 19)
    - RE: Linux firewall Curt Purdy (Jun 19)
    - RE: Linux firewall Denis Dimick (Jun 19)
- Re: Linux firewall Matt (Jun 18)
  - Re: Linux firewall phantasm (Jun 19)
  - Re: Linux firewall Denis Dimick (Jun 19)
- Re: Linux firewall Michael Bergbauer (Jun 19)
  - RE: Linux firewall Curt Purdy (Jun 19)
- <Possible follow-ups>
- Re: Linux firewall Peter E. Johnson (Jun 18)
  - Re: Linux firewall Denis Dimick (Jun 19)