Re: hardware firewall
From: Leythos (void_at_nowhere.com)
Date: 01/07/04
- Previous message: Rowdy Yates: "Re: IDS for old box?"
- In reply to: phn_at_icke-reklam.ipsec.nu: "Re: hardware firewall"
- Next in thread: phn_at_icke-reklam.ipsec.nu: "Re: hardware firewall"
- Reply:(deleted message) phn_at_icke-reklam.ipsec.nu: "Re: hardware firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 07 Jan 2004 16:27:13 GMT
In article <bth9sk$28l4$2@nyheter.ipsec.se>, phn@icke-reklam.ipsec.nu
says...
> Leythos <void@nowhere.com> wrote:
> > In article <qbbnvv4f9ndk2lfs59iavup2no8t3ctf64@4ax.com>,
> > chris@nospam.com says...
> >> On Mon, 05 Jan 2004 23:20:42 GMT, Leythos <void@nowhere.com> wrote:
> > [snip]
> >> >To be honest, you might be better off purchasing a copy of Windows 2000
> >> >Server and using a Linksys Router with NAT. The cost of a good firewall
> >> >that will also provide IP restrictions will cost more than the Server
> >> >software and a simple NAT router.
> >>
> >> Have you priced W2K Server lately?
>
> > Yes, Server 2000 standard will run on any beefy workstation and is only
> > $700 US. It can be purchase for less if you are a non-profit or a
> > educational member. You can also subscribe to the MSDN, if you are a
> > developer of MS products you should already have this, and install
> > anything they make.
>
> I can obtain a linx server AND HARDWARE for $700
And it would not help him at all - he's developing on a IIS platform the
comment was about firewalls and security based on his question. He
wanted to restrict the site to specific IP's.
$700 does not buy much in the way of quality hardware.
> Ain't that a proce difference ??
>
> >> Everything the original poster wants can be done with a free linux
> >> running on a cheap Pentium 200 PC. This includes:
> >> 1. NAT/Masqueradeing
> >> 2. Redirecting http requests to a different address or port
> >> (ie a denied webpage)
> >> 3. Control which IPs can connect to which internal address/port.
> >> 4. Stateful packet inspection so ports are only open when needed
> >> 5. DOS detection and prevention (eg syn attacks)
> >> 6. Transparent pop3 email virus/spam filter.
> >> 7. Transparent web cache
> >> 8. Much more
> >>
> >> Heck, you could even run Apache on the linux box and avoid the
> >> terribly buggy and insecure IIS altogether. You'll have to learn some
> >> linux along the way which really isn't that hard. There's tons of
> >> help out there and the linux newsgroups are very helpful (the really
> >> annoying linux zealots seem to only hangout in the windows
> >> newsgroups).
>
> > Um, I don't see where he can run ASP pages in your FREE solution. Free
> > is relative - he would have to consider the down-time, the time to
> > convert from ASP to another platform (PHP, etc..) and the cost
> > associated with maintaining a new platform (assuming he's not a Linux
> > tech).
>
> Considering down-time as a cost i cannot see how any windows
> solution can be cheaper then a linux one.
What down time - he's already on a MS Platform, so there is no downtime.
I would assume, from your comment, that you've never run a Windows based
server on anything, or that you've never run it on a quality hardware
platform.
Why didn't you address the downtime needed to install, learn, reinstall,
configure, reconfigure, etc... a Linux install that the user has no
experience with.
If you consider moving to a foreign platform, and all the issues, it's
almost certainly cheaper to purchase the server version of Windows 2000
or even the Web Server version of Windows 2003. Time is not free when
you are running a business or trying to do "work".
> > In addition,, there is nothing insecure about IIS, we've been hosting
> > sites for more than 5 years and have never been hacked - it's all in
> > what you know and how good you are at securing it. Even Apache is easy
> > to hack if you don't secure it.
>
> I think cert has another view of "what is secure" just count
> the number of vulnabilities found and the number of infected systems.
>
> IIS is'nt even the market leader, with less then 25% of installed
> webservers it has 99% of infected systems "out there"
Um, you need to look a little deeper - those 99% are mom and pop shops
and home users. I would venture a guess and say that professional IIS
installs from hosting companies are as secure a Apache and Java based
solutions.
It's nice that you can pull the numbers that you want to see without
understanding them.
> > So, considering he appears to be a MS platform developer, a box like you
> > suggest makes no sense for him unless he wants to abandon the MS
> > platform.
>
> http != MS
I never said it was, I said that if he's doing IIS, which means he's
almost certainly doing ASP, then your solution would not work.
> > I always love how people say that Linux is free - but they never
> > consider the cost of conversion for the apps, technicians, support
> > centers people, etc... And they always said it can run on an old P200
> > system, BS, to run a "server" acting as a decent box you need at least a
> > P3 with good drives and memory to match.
I see you forgot to address this one.
> > I have a RH 9.1 install running on a Celeron 466 with 512MB of RAM and
> > 30GB of drive space and opening office on it is slow as hell, and most
> > times it looks like it's locked up. On a P4 it screams.
I see that you forgot to address this one too.
-- -- spamfree999@rrohio.com (Remove 999 to reply to me)
- Previous message: Rowdy Yates: "Re: IDS for old box?"
- In reply to: phn_at_icke-reklam.ipsec.nu: "Re: hardware firewall"
- Next in thread: phn_at_icke-reklam.ipsec.nu: "Re: hardware firewall"
- Reply:(deleted message) phn_at_icke-reklam.ipsec.nu: "Re: hardware firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
