Re[2]: suggestions on a good firewall

From: Malte von dem Hagen (
Date: 05/21/03

  • Next message: Jeff Lane: "Ports 1985 and 1986"
    Date: Wed, 21 May 2003 17:52:43 +0200
    To: "Jeff" <>

    Hello Jeff,
    on Tuesday, 20 May 2003 at 18:35:30 you wrote:

    > OK, I'll bite.
    > Why is Linux or the others in this thread a bad idea as a firewall? I see
    > you would recommend a hardware firewall. Does this mean like a Linksys or
    > Netgear or Raptor or one of those types of Linux-based firewall systems?
    > I have deployed Linux, Cisco, and Raptor-based firewalls and the difference I
    > have seen is support and cost.
    > Linux being the least cost and Cisco being the most.
    > If it was my network and I was making the security policy I would choose
    > Linux or Raptor; Cisco is just too much money for a personal or small company
    > network.

    First of all, a firewall is a concept and not a machine, so one has to
    choose a concept for it. You cannot compare a Cisco router with Firewall
    Feature Set to a Raptor. If one needs a packet filter-like firewall
    component, I would always recommend OpenBSD - not Linux, not Cisco or
    anything else.
    Why? Because OpenBSD is one of the most secure operating systems, and
    that's one of the most important points when choosing a firewall
    component. You need a secure and stable platform. The BSD Unices (all of
    them) are such a platform - more secure and more stable than Linux, even
    than Cisco IOS.
    Everyone with rudimentary knowledge of Unix-based systems can set up and
    maintain such a system, if he or she is willing to read and learn a
    bit. It is not as difficult as it may seem...

    Only exception: A medium to large network with single-vendor-Cisco-strategy.
    In that scenario, it may be useful to choose a PIX, for management

    Disclaimer: I don't want to start the old "BSD vs. Linux" war. Whoever wants
    to use Linux may use it. I like BSD a lot more, regarding security,
    performance and stability in non-desktop systems.

    [TOFU removed]

    Just my 3.141 -cents,


    Malte von dem Hagen