Unix Firewall Ramble - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: Unix Firewall Ramble

  1. #11
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Originally posted here by secure_lockdown
    {..} but you still need to know what you are doing.
    Isn't this always the case? Even if they put up an Cisco PIX or a Checkpoint FW/1, you still need to know what you're doing.

    personally, i was against this idea of setting up a machine with OS as a firewall. i wanted a dedicated firewall device (symantec,watchguard,cisco) but i got out voted by other IT guys. it mainly came down to money. their case was that for the price of 1 FW device, they can get 3 BDS FW's and cover 3 of our sites.
    Please note that even the so-called hardware firewalls run some sort of OS. For PIX it's IOS, a Checkpoint can run on IPSO (nokia hardware), NT/W2K (intel hardware) and a few others. Just like any other system you'll need to keep the OS (and the rest of the software) up2date.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  2. #12
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    Please note that even the so-called hardware firewalls run some sort of OS. For PIX it's IOS, a Checkpoint can run on IPSO (nokia hardware), NT/W2K (intel hardware) and a few others. Just like any other system you'll need to keep the OS (and the rest of the software) up2date.
    true. but still - isn't IOS et la more secure than lets say ISA on Windows or as in our case, a FreeBSD box acting as a FW.
    More cowbell! We need more cowbell!
    http://www.geocities.com/secure_lockdown/
    - - -
    \"Is the firewall there to protect you from the outside world or is it there to protect the outside world from *YOU*?\"

  3. #13
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    It's more to do with a "hardened" TCP/IP stack. The one that's build into Windows is......errm....

    But even IOS has it's fair share of bugs and exploits..maybe not as widely known or abused but still....and they're even worse if you try to "upgrade" from one IOS version to another. You won't believe the weirdness I've come across.

    Just out of my curiousity... what version of Freebsd and which firewall are they using?
    (a uname -a will tell you the version, build etc. and have a look at /etc/rc.conf to see which firewall they're running).

    I recently updated my homenetwork from RELENG_4 to RELENG_5 (major upgrade!) because 5 is going stable RSN and I wanted to play with all the new features
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #14
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    To be frank, it is outright stupid of them to deploy a device to you without providing you with the proper training. You shouldn't be coming here for help, you should be telling them you require training before this gets properly implemented. If they are incapable of doing that, you should raise the issue with your superiors. The most secure firewall is one that can be properly maintained, they have done precisely the wrong thing here, but you can get them to fix it by allocating a certain amount to training.

    The training the staff aspect of things must have been utterly ignored or just outright not considered.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides