hi,
   IMHO use the ones you know what is happening on .. but realize each has its 
weakness.. my preference? .. whatever is best for the job criteria..
Linux which i have a passion for can be less prone to DoS more prone to 
session hijacking .. otherwise can be more than adequate
OpenBSD is not prone to session hijacking but is more prone to DoS 
(ipf is most likely the most powerful i have seen and extendible..)
FW1 on Solaris well that is the way to go commercially IMHO..
always impressed me but the licensing restrictions and /etc will be 
its downfall as for instance entering linux world is not a closed loop
this as well will not bode well for them because they are too evasive
for that sector of the market flow.. simply put with the power of say 
OBSD why would you even use FW1 in cost is a huge factor 
rollouts? well i am sure the patriots will wave their banners now 
so i will put my space suit on;-))
but it is weak on ICMP which is a serious flaw IMHO
[N]ot [T]here due to the extra concern IMHO of viruses and closed
source that is veiled by obscurity and still manages to leak HUGE flaws
.. as you have all the issues of *NIX plus viruses plus no source to Fix..
(you must know that a closed source will not resolve the issue if it 
is not in their best interest since they actually sell the SPs.. so an issue
could linger for months at a time.. open source is way faster.. usually.)
Squid well there is a reason why it is still popular IYKWIM..
then as well roll your own it is doable you know.. 
i think it is important to say that firewalls are like contraceptives..
there is risk associated although mostly unadvertised with the rubber
dingies but there is a higher RISK of impregnating without one..
IMHO security has a bigger danger in popularity than ever before..
seems that those that can click setup soon believe that they are
somehow impregnable. i had such a case recently where i had
been called in to start dialogue on providing SEC services to a rather 
large graphics co.. (that will remain unnamed) their key IS person perceived me
as a threat to their dominion so when i mentioned that he might consider
closing off xyz from the big I (after he was telling me how the telco that had 
originally setup their systems was a SEC inept.. and he was far 
better. guess i was a bit annoyed since the telco i used to work with them for 
nearly 9 years..albeit many moons ago.) to know that since that meeting where i
did not get the agreement that their systems are simply breached with
absolutely no effort. but since their IT person believes they are suddenly also
a security guru what can you do;-)) Guess what i am saying is that you 
can only protect those people and resources that want protection.
one of the greatest security breaches comes from the inside in the 
form of people that would rather risk the co data than risk their 
omnipotent status. that is a tough nut to crack period. people that do this 
have already sealed their company's destiny IMHO. 
                                Regards,
                                [EMAIL PROTECTED]

                                
 _______________________________________________________________________

************** DREAMWVR.COM - TOTAL INTERNET SERVICES ****************
TOTAL DESIGN - DEVELOPMENT - INTEGRATION - SECURITY - Click Here..
<http://www.dreamwvr.com/services/MAX_SEC.html>
DREAMWVR.COM - The Console of Many... 90 Topics Covered
<http://www.dreamwvr.com/dynamicduo.html> <mailto:[EMAIL PROTECTED]>
->> LINUX-MANDRAKE Solution Provider and North American Distributor <<-
PRODUCT OF THE YEAR!
<http://www.dreamwvr.com/mandrake/mandrake-main.html>
"===0 PGP Key Available 
*************** "As Unique as the Company You Keep." *****************
"If anyone speaks from DREAMWVR.COM its certainly not me:-)"
________________________________________________________________________
