On 5/27/2004 1:02 PM, Paolo Alexis Falcone wrote:
On Thu, 2004-05-27 at 12:32 +0800, Paolo Alexis Falcone wrote:
On Thu, 2004-05-27 at 11:57 +0800, Eric Noel wrote:
Can anyone share configuration/setup procedures for implementing Debian as a PIX/firewall replacement for production? Or has anybody secured Debian to be their production firewall in protecting their financial-data-centric network (e.g. banks, stock traders, etc.)? Is it recommended, or should we just use PIX/FW1 for that?
I've done that in QC City Hall, but it wasn't really a PIX replacement - the Debian firewall I made there was replaced by the PIX of a Cisco 6509 :D
At the time I implemented the Debian machine as a firewall, there was no Cisco 6509 there at City Hall :D
If you've got PIX already - use it. If not, then going for a PC firewall does save some budget. Pros and Cons:
PC Router/Firewall:
Pros: dirt cheap, easy to implement, easy to extend functionality
Cons: moving parts, constant patching
Appliance Router/Firewall:
Pros: fewer moving parts, easy to implement, less patching
Cons: TONS MORE EXPENSIVE :D, not easy to extend functionality
The ideas that you translate in PIX are also applicable in configuring PC routers - it's just that you'd need to translate them into ipchains/iptables for Linux, or ipfw/pf for the BSDs.
On the other hand, the Cisco products (those ranging in the millions range) have some cool functionality built in, like a Java-based monitoring system, web-based thingies, IPSec, damn LOTS OF PORTS for Ethernet and Fibre Channel :D. For a PC-based system, you can install almost-equivalent software or hack your own to customize it, but the number of ports is constrained by the limitations of the PC architecture.
It ultimately boils down to what your needs are.
------------------------------------------------------------------------
--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
Thanks for the replies. I'm more concerned about the security aspect. I've done a 3-NIC firewall using Shorewall for one company, but it's not a financial company. Currently, I have someone who wants to implement a company-wide firewall using Debian. My only concern is whether it's really secure to use Debian (specifically bf24 and a few binaries, e.g. Shorewall) to protect the company. I've read somewhere about using an SELinux implementation, Bastille, etc. to really secure a distribution, but is this necessary? Wouldn't Debian hold off intrusions, etc.?
