I don't think any firewall implementation (Linux, Windows, Mac,
whatever....) is a bad idea. However, each product and deployment strategy
has its flaws.
In some scenarios Cisco is the best choice and in others Linksys or
Sonicwall. Large organizations that already have a Cisco-based network
should seriously consider staying with Cisco. If Cisco does not meet the
requirements (usually price), a similar product should be considered that has
the basic look and feel (CLI), like Netscreen. Plus, at the end of the day
people cost more than the product. But in some environments everyone's a
Linux expert; why would you need Cisco then? There should be a business case
for any firewall consideration.
Hardware based firewall vs. Software? All firewalls can be considered
hardware. The fine line between the two is how the hardware/software is
implemented. In my opinion any firewall that is not embedded or requires an
OS like Linux, Sun, Windows, etc... would be considered software. In the
case of administration you must be an OS expert (like Linux) and then be a
firewall expert (Checkpoint). Excellent if you're both but some companies
prefer to have an expert for each and designate one person to do firewall
stuff and then one person to do Linux stuff.
Few things to consider when deploying a software based firewall:
- Patching OS or firewall software could bring down firewall or open
additional holes
- OS Expertise vs. firewall expertise (you may need two administrators).
- Support contract (One for hardware, one for OS, one for firewall), who do
you call?
- Administration (One for OS and one for firewall). If you're not an expert
in both then forget it.
- High-availability (Stateful failover) (usually requires additional
software and costs a lot of money). As a result it adds to support costs.
Are software firewalls a bad idea? It depends. Every situation is different.
Bob.
-----Original Message-----
From: Dan.Hemphill (at) warehouse (dot) com [mailto:Dan.Hemphill (at) warehouse (dot) com]
Sent: Wednesday, May 21, 2003 9:45 AM
To: jeffr76 (at) yahoo (dot) com; security-basics (at) securityfocus (dot) com;
bloodk (at) prodigy.net (dot) mx
Subject: RE: suggestions on a good firewall
What the people ragging on Linux firewalls don't realize is that it is
indeed a hardware firewall, as it runs on its own dedicated hardware. If
you were to buy a Linksys, Netgear, or even something more expensive like
Cisco, those are hardware firewalls too, but they STILL run an embedded
operating system. A software firewall is a piece of software that runs on
the host it's trying to protect, such as Zone Alarm, for example.
I look forward to hearing the reasons (read: factual evidence) that state
why a Linux firewall such as Smoothwall or Astaro are a bad idea(tm).
-Dan
-----Original Message-----
From: Jeff [mailto:jeffr76 (at) yahoo (dot) com]
Sent: Tuesday, May 20, 2003 12:36 PM
To: security-basics (at) securityfocus (dot) com; Ing Bernardo Lopez
Subject: Re: suggestions on a good firewall
ok I'll bite
Why is Linux or the others in this thread a bad idea as a firewall? I see
you would recommend a hardware firewall. Does this mean like a Linksys or
Netgear or Raptor or one of those types of LINUX based firewall systems? I
have deployed Linux, Cisco, and Raptor based firewalls and the difference I
have seen is support and cost, Linux being the least cost and Cisco being the
most. If it was my network and I was making the security policy I would
choose Linux or Raptor; Cisco is just too much money for a personal or small
company network. just my .02 Jeff
----- Original Message -----
From: "Ing Bernardo Lopez" <bloodk (at) prodigy.net (dot) mx>
To: <security-basics (at) securityfocus (dot) com>
Sent: Monday, May 19, 2003 4:49 PM
Subject: Re: suggestions on a good firewall
> Yea, linux as a firewall is poorer than microsoft, better use OpenBSD or
> buy a hardware firewall... don't be a poor freak guy...
>
> On Saturday 17 May 2003 12:07, kerberus wrote:
> > Please get a real Firewall use OpenBSD and PF
> >
> > On Fri, 2003-05-16 at 14:50, Tom Sevy wrote:
> > > I 2nd ipcop as a suggestion...
> > >
> > > -----Original Message-----
> > > From: Mike Moore [mailto:mike (at) moorecomputing (dot) net]
> > > Sent: Thursday, May 15, 2003 7:14 PM
> > > To: security-basics (at) securityfocus (dot) com
> > > Subject: RE: suggestions on a good firewall
> > >
> > >
> > > Or even better www.ipcop.org . A lot better support and no abuse.
> > >
> > > > -----Original Message-----
> > > > From: Dan Tesch [mailto:dantel (at) rb-group (dot) com]
> > > > Sent: Wednesday, May 14, 2003 1:37 PM
> > > > To: Beaney, Derek; security-basics (at) securityfocus (dot) com
> > > > Subject: Re: suggestions on a good firewall
> > > >
> > > >
> > > > Try www.smoothwall.org
> > > >
> > > > Beaney, Derek wrote:
> > > > >im planning on making a firewall for my home system.. I am
> > > > >running windowsXP / SuSE 8.1 dual boot what I want to do is
> > > > >set up another computer to act as a firewall for my main
> > > > >system. what I want this to do is to be able to control what
> > > > >enters and leaves my system with a way to set up permissions.
> > > > >preferably I would like to have a firewall running on either
> > > > >a Linux or Unix os ... no m$ =) tia
> > > >
> > > > --------------------------------------------------------------
> > > > -------------
> > > > Thinking About Security Training? You Can't Afford Not To!
> > > >
> > > > Vigilar's industry leading curriculum includes: Security +,
> > > > Check Point, Hacking & Assessment, Cisco Security, Wireless
> > > > Security & more! Register Now! --UP TO 30% off classes in select
> > > > cities-- http://www.securityfocus.com/Vigilar-security-basics
> > > > --------------------------------------------------------------
> > > > --------------