
Re: Linux box vs black box

Mathias Bocquet <mbocquet@geopost-logistics.com> writes:

> This is perhaps off topic, but I'm searching for external opinions about
> firewalls:
> 1 - a linux box with kernel 2.4.x and netfilter/NAT
> 2 - a linux box with a commercial firewall product
> 3 - an integrated firewall you don't know much about what it is made of
> For my own, I prefer the first one, as it doesn't need any additional
> software, and if a problem occurs, I can rebuild it from scratch. I never
> used the 3rd one, and I don't like it cause I like to know what's in a
> box and have total-control over it.

The security comes into the above by how much you can change it, compared
to how much someone can throw themselves at it to try and crack it. 
We've had decades of crackers targeting proprietary systems where stuff's
been hidden from the sysadmin's eyes; if you can change the way it works at
a lower level on demand, you have greater security.

Me, I also think option 2 is quite close on commercial exploitation. Option
1 is therefore the only sort I'm willing to countenance.

    4:31pm  up 3 days,  7:37, 11 users,  load average: 0.07, 0.04, 0.00
piglet@stirfried.vegetable.org.uk |Newton and Adam, lost and found,
http://piglet.is.dreaming.org     |The apple must fall to the ground
