RE: [fw-wiz] Home Environment Cisco
From: Loomis, Rip (GILBERT.R.LOOMIS_at_saic.com)
Date: 05/30/03
- Previous message: Douglas J Hunley: "[fw-wiz] checkpoint port-redirection question"
- Maybe in reply to: Nathan: "[fw-wiz] Home Environment Cisco"
- Next in thread: R. DuFresne: "RE: [fw-wiz] Home Environment Cisco"
- Reply: R. DuFresne: "RE: [fw-wiz] Home Environment Cisco"
To: firewall-wizards@honor.icsalabs.com
Date: Fri, 30 May 2003 12:27:18 -0400
> > List members,
> >
> > I seek your advice regarding which Cisco router to choose, if any.
>
> I wouldn't get a Cisco for a home router.
> Just get a PC with two NICs and run ipfilter on FreeBSD.
> I only suggest ipf/FreeBSD since it is also available for
> Solaris and can be installed on the Ultra60. Feel free to
> choose pf/OpenBSD or iptables/linux depending on your
> personal preference/experience.
Is this still firewall-wizards?
With all due respect, this answer is headed in just about
completely the wrong direction. The original request was for
somewhat vague criteria, but reading between the lines I
would think the following list is reasonable:
- Highly reliable (minimal moving parts other than fans)
- Cost not particularly an object ($ork is paying)
- Cisco probably an acceptable (maybe preferred) choice
- Easy to configure for someone with some networking
background, but who's not necessarily a security
weenie
I can't find *any* of those criteria where the right answer
is "x86 or Sun Hardware + $OS + $freely-available-packet-filter".
Just because someone has an Ultra60 at home doesn't mean that
they want to use it as their firewall--in fact it's quite likely
that the father *does not* want to start mucking with the U60
development box.
> IMHO, using a Cisco, any model, is not recommended simply
> for cost and software update availability (security fixes),
> unless you have readily available Cisco support already.
See above. The father had already halfway-specced Cisco--
there's a good chance that the father's company which would
be paying for this is "happy" buying Cisco new, and it would
therefore come with a support agreement.
> Of course, I've been using FreeBSD and linux more than
> commercial firewalls for about 5 years now. If I had to
> choose a Cisco though, I'd go with a used 2514; tried and
> true, no fancy modules and it's not like you're going to
> attach a T-1 to it, right?
I've been using Solaris, Linux, Windows, *BSD, and security
appliances for several years too. I would agree with Ben
Nagy's recommendation (Cisco 17xx) or Wes Noonan (PIX 5xx),
or consider a Netscreen 25. Any of those are probably
overkill--but they're all featureful, reliable, and *much*
easier to configure in my experience than iptables/pf/ipfilter.
I have no issue with advocacy, and I currently use all three
of the above $freely-available-packet-filter implementations
for Real Work...but I'd prefer we try to answer the question
asked with a more appropriate response. Just my suggestion,
anyway.
--
Rip Loomis, CISSP, Sun Certified Security Administrator
Senior Systems Security Engineer, SAIC Enterprise Security Solutions
Brainbench MVP for Internet Security
http://www.brainbench.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards