It was assumed that the question was a result of an
implementation in an enterpise system. Of course in a
school or a small comapny where uptime does not = $
there is no issue, use Linux, use MS Proxy for all
that matters. But in an enterprise where uptime is
Essentail, there is money at stake and information has
lots of value, I would sleep easier at night knowing
that I have an enterprise level platform with a solid
proven track record, backed by a company who is
focused on producing and supporting systems to enable
me to focus on doing what I'm good at...
Moe.
--- Priscilla Oppenheimer <[EMAIL PROTECTED]> wrote:
> How about if the customer is strapped for money. I
> work at a school.
> Luckily our students haven't gotten sophisticated
> enough to break into the
> Linux firewall but I don't the think that day is too
> far away. Some of them
> are very smart and they are learning Linux and
> networking in their classes.
> But PIX is too expensive, I think??
>
> Priscilla
>
> At 09:24 AM 3/23/01, Rik wrote:
> >I have seen way too many Linux firewalls hacked as
> a result of
> >mis-administration. Now, I'm not assuming anything
> about your abilities as
> >the last confirmed hack that I was notified about
> was a Linux FW setup by 2
> >guys that I know to be excellent Linux admins. The
> problem is the inherent
> >nature of the beast. A PIX is totally secure right
> out of the box. The
> >last Linux hack I speak of was hacked based on an
> exploit within BIND and
> >had nothing to do with the FW policy.
> >
> >I also find the PIX to be MUCH easier to configure
> and setup. I can do in
> >only a few lines of code what could possibly take
> pages and pages of code in
> >Linux. When talking about firewalls, simplicity is
> a critically important
> >concern. One compromise could easily remove any
> upfront cost advantage
> >Linux has over Cisco. Also, you don't have to be
> concerned with shutting
> >down unused services on a PIX as you would on
> Linux.
> >
> >Go with the PIX. It was designed from the ground
> up to do just what it
> >does: protect your network. Cisco claims that a
> properly configured PIX has
> >never been compromised. I believe them.
> >
> >Rik
> >
> >
> >""Sean Young"" <[EMAIL PROTECTED]> wrote in
> message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Hi Everyone,
> > >
> > > My company is putting me in charge in
> implementing a Firewall for our
> > > company. One guy in my networking group is
> recommending PIX Firewall.
> > > Furthermore, he also recommends a Cisco
> Web-caching engine. His reason
> > > is that not only Cisco is good Firewall but it
> also provides VPN
> > > connectivity to our remote sites. Myself, on
> the other hand, would
> > > like to implement Linux-based OS firewall along
> with FreeS/WAN VPN
> > > features set. My reason is that a linux
> firewall can provide everything
> > > a Cisco PIX does and even more. In term of
> hardware, the linux Firewall/
> > > VPN/IPSec box will be running a dual-processor
> (800MHz) with 1GB of RAM.
> > > I just feel that I can get a lot more for the
> amount that we are going
> > > to spend with linux than with Cisco PIX. I also
> feel that I tweak the
> > > source code on the LINUX kernel to increase the
> performance and security.
> > > Also, instead of purchasing the Cisco
> web-caching engine, I am thinking
> > > of building another linux box that will be
> running squid (web-caching)
> > > server. Don't get me wrong, I think Cisco has a
> lot of good products
> > > in the area of routing; however, I just don't
> think it is necessary to
> > > throw away money at Cisco when I know that Linux
> or BSD can do the same
> > > job that PIX and Cisco web-caching engine do but
> for much less and also
> > > I can control the source code. Has anyone has
> experiences with both
> > > the Linux/BSD, Squid and Cisco PIX, Cisco
> web-caching engine so that
> > > you can give advice on what I should do. I am
> open to your suggestions.
> > >
> > > Many thanks.
> > > Sean
> > >
>
_________________________________________________________________
> > > Get your FREE download of MSN Explorer at
> http://explorer.msn.com
> > >
> > > _________________________________
> > > FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations
> to [EMAIL PROTECTED]
> > >
> >
> >
> >_________________________________
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
>
>
> ________________________
>
> Priscilla Oppenheimer
> http://www.priscilla.com
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
=====
_____________________________________________
Moe Tavakoli
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]