
Re: Bastille vs firehol vs ...



On Mon, 12 Apr 2004, Michael Bell wrote:
> My firewall needs are very simple: I have one machine sitting behind a
> DSL router that offers no outside services, though I look forward to
> extending the home network as the family grows.
> 
> To date I've used the Bastille package to harden my system and set up
> a simple packet-filtering firewall. I've been interested in what
> firehol offers.
> 
> Are there strong feelings either way about these tools? Or are they
> apples and oranges?

I fear to say that I have never used the Bastille system, so can't
really comment on it.

I will offer my point of view based on the description of it, and my
knowledge of system hardening and firewall deployment, and firehol.


Firehol does two things, one core and one nice extra.  It is a *very*
good firewall configuration system, as good as, or better than, any
other system I have tried, including most commercial systems.

It also includes a "wizard" that makes it easy to build a simple
configuration that matches the current machine reasonably well, for
protecting only that machine.


Bastille seems to do an awful lot more, and aims to educate - firehol
does not.  It presumes that you *know* how to make a secure firewall,
then makes doing so easier.


So, I would suggest you use bastille until you start to hit the limits
of its firewall abilities and then, after you know how firewalls work,
look at moving to a solution like firehol which is more powerful.


The final thing, of course, is that I don't know the authors of the
bastille product, so I can't vouch for their level of security
knowledge.

In running their product, you *are* trusting their knowledge in this
area.  This is not a bad thing, but it is something to consider.

       Daniel

-- 
When the going gets weird, the weird turn pro.
        -- Hunter S. Thompson


