Re[2]: suggestions on a good firewall

From: Malte von dem Hagen (
Date: 05/21/03

  • Next message: Jeff Lane: "Ports 1985 and 1986"
    Date: Wed, 21 May 2003 17:52:43 +0200
    To: "Jeff" <>

    Hello Jeff,
    on Tuesday, May 20, 2003 at 18:35:30 you wrote:

    > ok I'll bite
    > Why is Linux or the others in this thread a bad idea as a firewall? I see
    > you would recommend a hardware firewall. Does this mean like a Linksys or
    > Netgear or Raptor or one of those types of Linux-based firewall systems?
    > I have deployed Linux, Cisco, and Raptor based firewalls and the difference I
    > have seen is support and cost.
    > Linux being the least cost and Cisco being the most.
    > If it was my network and I was making the security policy I would choose
    > Linux or Raptor. Cisco is just too much money for a personal or small company
    > network.

    First of all, a firewall is a concept and not a machine, so one has to
    choose a concept for it. You cannot compare a Cisco Router with Firewall
    Feature Set to a Raptor. If one needs a packet filter-like firewall
    component, I would always recommend OpenBSD - not Linux, not Cisco or
    anything else.
    Why? Because OpenBSD is one of the most secure Operating Systems, and
    that's one of the most important points when choosing a firewall
    component. You need a secure and stable platform. The BSD Unices (all of
    them) are such a platform - more secure and more stable than Linux, even
    than Cisco IOS.
    Everyone with rudimentary knowledge of Unix-based systems can set up and
    maintain such a system, when he or she is willing to read and learn a
    bit. It is not as difficult as it may seem...

    Only exception: A medium to large network with single-vendor-Cisco-strategy.
    In that scenario, it may be useful to choose a PIX, for management

    Disclaimer: I don't want to start the old "BSD vs. Linux" war. Whoever wants
    to use Linux may use it. I like BSD a lot more, regarding security,
    performance and stability in non-desktop systems.

    [TOFU removed]

    Just my 3.141 -cents,


    Malte von dem Hagen
