Re: operating system firewall question
From: David (davidwnh_at_adelphia.net)
Date: 07/09/03
- Next message: David: "Re: RPCSS wants to access the internet"
- Previous message: Tutaepaki: "Re: IRC Choopa.NET"
- In reply to: Lars M. Hansen: "Re: operating system firewall question"
- Next in thread: [Bumblebee]: "Re: operating system firewall question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 09 Jul 2003 03:07:11 GMT
The biggest consideration seems to revolve around the end
user/administrator. Most *nix based firewalls these days are frontends to
Netfilter. They may or may not add proxies on top. Most Windows firewalls
are proprietary. In general Windows based firewalls are easiest for most to
configure aside from hardware devices that run on *nix derivatives. Windows
is a lot easier to configure than say Linux so many people are better off
using a Windows-based solution. Contrary to popular belief Windows can be
made a lot more secure than many think. Most of the vulnerabilities have
been in IE, Outlook Express, and IIS, so if you don't use these on the
machine and disable all unused services you're 90% there. The alternative
(*nix) generally requires a huge learning curve and a lot of potential for
configuration errors. Linux for example is by no means secure out of the
box. I have not seen a good GUI frontend that takes care of the various
aspects to secure it and set it up as a firewall. You are talking about
configuring most aspects through a text editor. You may get a half decent
GUI for IPTables (although there is no better way than writing your own
script) however you still need to hand configure network related kernel
processes, xinetd, specific service configuration files, TCP wrapper related
files, and most proxy server configuration files if you want to use such.
And if you want to add several application proxies you will probably be
forced to deal with compiling source code, which isn't that difficult,
however not something that many users wish to deal with. You can do a lot
with Linux or FreeBSD without laying out a bunch of cash but you will need
to invest your time, particularly if you are venturing into "unexplored
territory" as far as *nix is concerned.
For most a hardware device seems to be the best solution. Easy to configure,
efficient, and relatively inexpensive.
I am personally partial to Linux these days. I don't like being stuck within
the bounds of proprietary solutions. This includes both Windows and hardware
devices. For most this isn't as much a concern. You can put together an
extensive firewall/proxy solution for the price of the hardware and its
portion of the electric bill. But if you are the type who doesn't like
reading technical BS, doesn't have the spare time for configuration
concerns, or if the person who will administer the firewall is purely
Windows literate, then this is not a good solution.
Otherwise if you need a very specialized firewall with application proxies,
there are a few excellent Windows-based solutions, but be prepared to get
out your wallet.
In summary I would say:
The typical home user is best served with a medium priced hardware device or
a cheap hardware device along with supplemental desktop firewalls.
A home user who likes to tinker is probably more prone to a home-grown Linux
or FreeBSD solution. You can do a lot for little cash but this is not the
way to go for most home users. If you are willing to download and compile
source, and edit numerous configuration files then you can end up with a
firewall/proxy solution that is far superior to any single proprietary
solution.
A business's needs vary, and often include a combination of hardware devices
and software proxies depending on their size and the nature of the business.
> >> Between a windows based or a unix based firewall what would be the
> >> considerations to choose from?
> >> Thanks a lot,
> >> Calin
> >
> >I would never recommend software from Microsoft.
>
> Why not? It's reliable, it's secure, and it runs all the top firewalls
> around. What's not to like?