At 18:50 23/09/00 -0400, [EMAIL PROTECTED] wrote:
>Never heard of effnet firewall. I recommend going with a name brand like
>Cisco PIX and Checkpoint.
What I don't like here is the argument.
Just because you never heard of it doesn't make it bad.
Besides,
- Checkpoint do not support NetBSD (dunno what PIX OS is).
- Effnet is probably faster
If these args are not important for you, they are for others...
I dunno for sure, but I guess that Effnet is simply a NetBSD appliance with
something like IP Filter or so, plus a fast routing algorithm (which is
publicly available, thanks to Effnet).
>In the last 6 months, there have been many vulnerabilities found in all
>commercial firewalls.
>It seemed like NAI Gauntlet had the most serious vulnerabilities, then
>Checkpoint, then Cisco PIX.
Your argument seems to be: since these "superb" products are vulnerable,
none should use "less superb" products since they are probably worse.
I hope you realize that it's too "dangerous".
>You may want to research the firewall you are buying for vulnerabilities
>and make sure the patches and corrections are applied.
but once you apply the patches, nothing protects you against unknown bugs.
always the same story. So whatta do then?
yes, if a free product is a candidate (I say that cos' many companies refuse
to use free products), then go for ipfilter, ipfw, ipchains, iptables, ...
and the like. They are as mature as commercial products.
You won't have a gui, for sure, but you'd have trust. By the way, how can
one trust code that is not available for inspection?
cheers,
mouss