Re: hardware firewall

phn_at_icke-reklam.ipsec.nu
Date: 01/07/04


Date: Wed, 7 Jan 2004 18:29:35 +0000 (UTC)

Leythos <void@nowhere.com> wrote:
> In article <bth9sk$28l4$2@nyheter.ipsec.se>, phn@icke-reklam.ipsec.nu
> says...
>> Leythos <void@nowhere.com> wrote:
>> > In article <qbbnvv4f9ndk2lfs59iavup2no8t3ctf64@4ax.com>,
>> > chris@nospam.com says...
>> >> On Mon, 05 Jan 2004 23:20:42 GMT, Leythos <void@nowhere.com> wrote:
>> > [snip]
>> >> >To be honest, you might be better off purchasing a copy of Windows 2000
>> >> >Server and using a Linksys Router with NAT. The cost of a good firewall
>> >> >that will also provide IP restrictions will cost more than the Server
>> >> >software and a simple NAT router.
>> >>
>> >> Have you priced W2K Server lately?
>>
>> > Yes, Server 2000 standard will run on any beefy workstation and is only
>> > $700 US. It can be purchased for less if you are a non-profit or an
>> > educational member. You can also subscribe to the MSDN, if you are a
>> > developer of MS products you should already have this, and install
>> > anything they make.
>>
>> I can obtain a linux server AND HARDWARE for $700

> And it would not help him at all - he's developing on an IIS platform the
> comment was about firewalls and security based on his question. He
> wanted to restrict the site to specific IPs.

Sure it would have helped him. The discussion was (read yourself)
about installing a hardware firewall outside his wintendo box.

> $700 does not buy much in the way of quality hardware.
We don't live in the same world. I can purchase a DELL dimension 2400
for 2 790:- Swedish crowns (divide by 7). I need to add
memory and one NIC.

>> Ain't that a price difference??
>>
>> >> Everything the original poster wants can be done with a free linux
>> >> running on a cheap Pentium 200 PC. This includes:
>> >> 1. NAT/Masquerading
>> >> 2. Redirecting http requests to a different address or port
>> >> (ie a denied webpage)
>> >> 3. Control which IPs can connect to which internal address/port.
>> >> 4. Stateful packet inspection so ports are only open when needed
>> >> 5. DOS detection and prevention (eg syn attacks)
>> >> 6. Transparent pop3 email virus/spam filter.
>> >> 7. Transparent web cache
>> >> 8. Much more
>> >>
>> >> Heck, you could even run Apache on the linux box and avoid the
>> >> terribly buggy and insecure IIS altogether. You'll have to learn some
>> >> linux along the way which really isn't that hard. There's tons of
>> >> help out there and the linux newsgroups are very helpful (the really
>> >> annoying linux zealots seem to only hang out in the windows
>> >> newsgroups).
>>
>> > Um, I don't see where he can run ASP pages in your FREE solution. Free
>> > is relative - he would have to consider the down-time, the time to
>> > convert from ASP to another platform (PHP, etc..) and the cost
>> > associated with maintaining a new platform (assuming he's not a Linux
>> > tech).
>>
>> Considering down-time as a cost I cannot see how any windows
>> solution can be cheaper than a linux one.

> What down time - he's already on a MS Platform, so there is no downtime.
> I would assume, from your comment, that you've never run a Windows based
> server on anything, or that you've never run it on a quality hardware
> platform.

I mean down-time of an additional windows machine, which needs to
be rebooted for each and every service-pack installed. How often
do they come? My *BSD machines have been "secure" from the CD
and are often running (yes running with zero downtime) for years.

> Why didn't you address the downtime needed to install, learn, reinstall,
> configure, reconfigure, etc... a Linux install that the user has no
> experience with.
That can be bought for less money than a windows license. Look for
"packced linux-based firewalls"

> If you consider moving to a foreign platform, and all the issues, it's
> almost certainly cheaper to purchase the server version of Windows 2000
> or even the Web Server version of Windows 2003. Time is not free when
> you are running a business or trying to do "work".

>> > In addition, there is nothing insecure about IIS, we've been hosting
>> > sites for more than 5 years and have never been hacked - it's all in
>> > what you know and how good you are at securing it. Even Apache is easy
>> > to hack if you don't secure it.
>>
>> I think CERT has another view of "what is secure", just count
>> the number of vulnerabilities found and the number of infected systems.
>>
>> IIS isn't even the market leader, with less than 25% of installed
>> webservers it has 99% of infected systems "out there"

> Um, you need to look a little deeper - those 99% are mom and pop shops
> and home users. I would venture a guess and say that professional IIS
> installs from hosting companies are as secure as Apache and Java based
> solutions.

I guess that mom&pop shops run on all kinds of hard-software. In fact
they do.

> It's nice that you can pull the numbers that you want to see without
> understanding them.

What did I not understand? Please specify!

>> > So, considering he appears to be a MS platform developer, a box like you
>> > suggest makes no sense for him unless he wants to abandon the MS
>> > platform.
>>
>> http != MS

> I never said it was, I said that if he's doing IIS, which means he's
> almost certainly doing ASP, then your solution would not work.

>> > I always love how people say that Linux is free - but they never
>> > consider the cost of conversion for the apps, technicians, support
>> > centers people, etc... And they always said it can run on an old P200
>> > system, BS, to run a "server" acting as a decent box you need at least a
>> > P3 with good drives and memory to match.

> I see you forgot to address this one.
No, but it's irrelevant to running a firewall. GUI is bloaty, and
too little memory will make linux and *BSD systems slower.

>> > I have a RH 9.1 install running on a Celeron 466 with 512MB of RAM and
>> > 30GB of drive space and opening office on it is slow as hell, and most
>> > times it looks like it's locked up. On a P4 it screams.

> I see that you forgot to address this one too.
What should I say? What does 'top' tell you about lack of memory?
What unneeded daemons are running? Of course anything will run faster
on a P4 - is that surprising?

> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)

-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

