
Re: Linux box vs black box



At 04:37 PM 6/7/2001 +0200, Mathias Bocquet wrote:
Hi everyone.

This is perhaps off topic, but I'm searching for external opinions
about firewalls:

1 - a linux box with kernel 2.4.x and netfilter/NAT

Currently using this, albeit with a 2.2.X kernel and IPChains (upgrade planned and slowly being implemented on a production system). Love it to death because I know exactly what's going on with it and configured it to meet exactly my security requirements. It's also not very fancy, which appeals to my belief that a minimalist approach to firewalls is best - too many "features" add potential security leaks.

2 - a linux box with a commercial firewall product

I've used SunOS with TIS-FWTK (not exactly "commercial", but it is a 3rd party solution). Liked it because I could build my own from source code. Configuration was a minor pain, but it worked very well for my needs at the time.

3 - an integrated firewall you don't know much about what it is made of

Used a Lucent gizmo (forgot the model). Config was a major pain in the ass, couldn't really tell what exactly it was doing, and didn't trust the admin interface except for the horrible ASCII panel available via serial connection.

Put it back in the shipping box and stuffed it underneath the desk. I then went back to Option #1.

Admin on #1 and #2 were good for me because if I wanted to change something I SSH'd into the system and changed rulesets as opposed to having a web-based interface for #3.

Also a benefit of Options #1 and #2 is that I can harden the underlying operating system to my needs. Who knows what was buried underneath #3? Call me a control freak, but in certain situations I can accept nothing less...



--
Eric N. Valor
Webmeister/Inetservices
Lutris Technologies
eric.valor@lutris.com

- This Space Intentionally Left Blank -


