
Thread: Unix Firewall Ramble

  1. #11
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by secure_lockdown
    {..} but you still need to know what you are doing.
    Isn't this always the case? Even if they put up a Cisco PIX or a Checkpoint FW/1, you still need to know what you're doing.

    Personally, I was against this idea of setting up a machine with an OS as a firewall. I wanted a dedicated firewall device (Symantec, WatchGuard, Cisco) but I got outvoted by the other IT guys. It mainly came down to money. Their case was that for the price of 1 FW device, they can get 3 BSD FWs and cover 3 of our sites.
    Please note that even the so-called hardware firewalls run some sort of OS. For PIX it's IOS, a Checkpoint can run on IPSO (nokia hardware), NT/W2K (intel hardware) and a few others. Just like any other system you'll need to keep the OS (and the rest of the software) up2date.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  2. #12
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    Please note that even the so-called hardware firewalls run some sort of OS. For PIX it's IOS, a Checkpoint can run on IPSO (nokia hardware), NT/W2K (intel hardware) and a few others. Just like any other system you'll need to keep the OS (and the rest of the software) up2date.
    True. But still, isn't IOS et al. more secure than, let's say, ISA on Windows or, as in our case, a FreeBSD box acting as a FW?
    More cowbell! We need more cowbell!
    http://www.geocities.com/secure_lockdown/
    - - -
    "Is the firewall there to protect you from the outside world or is it there to protect the outside world from *YOU*?"

  3. #13
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    It's more to do with a "hardened" TCP/IP stack. The one that's built into Windows is...errm...

    But even IOS has its fair share of bugs and exploits. Maybe not as widely known or abused, but still... and they're even worse if you try to "upgrade" from one IOS version to another. You won't believe the weirdness I've come across.

    Just out of my curiosity... what version of FreeBSD and which firewall are they using?
    (a uname -a will tell you the version, build etc. and have a look at /etc/rc.conf to see which firewall they're running).

    I recently updated my home network from RELENG_4 to RELENG_5 (major upgrade!) because 5 is going stable RSN and I wanted to play with all the new features.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
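    The rc.conf check suggested in the post above, as an added example that is not part of the original thread and not code from any of the posters: a small POSIX sh script that reads an rc.conf-style file and reports which of FreeBSD's firewalls it switches on. The knob names pf_enable, firewall_enable (ipfw) and ipfilter_enable are the real rc.conf variables; the sample file it writes is constructed for the demo, and the function and file names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the thread: report which FreeBSD firewall
# an rc.conf file enables. pf_enable, firewall_enable (ipfw) and
# ipfilter_enable are the real rc.conf knobs; the sample below is constructed.

# rc_get FILE KNOB: print KNOB's value the way rc.conf would set it.
# rc.conf is sourced by sh(1), so the last assignment wins; commented-out
# lines, surrounding quotes, trailing comments and whitespace are dropped.
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\).*/\1/p" "$1" \
        | tail -n 1 | sed 's/[[:space:]]*$//'
}

# fw_from_rcconf FILE: one line per enabled firewall (pf, ipfw, ipfilter),
# or "none". Values are compared case-insensitively, like the checkyesno()
# helper in /etc/rc.subr does (yes/true/on/1 count as enabled).
fw_from_rcconf() {
    found=0
    for knob in pf_enable firewall_enable ipfilter_enable; do
        val=$(rc_get "$1" "$knob" | tr '[:upper:]' '[:lower:]')
        case "$val" in
            yes|true|on|1)
                found=1
                case "$knob" in
                    pf_enable)       echo "pf" ;;
                    firewall_enable) echo "ipfw" ;;
                    ipfilter_enable) echo "ipfilter" ;;
                esac
                ;;
        esac
    done
    [ "$found" -eq 1 ] || echo "none"
}

# write_sample_rcconf FILE: constructed rc.conf fragment used by the demo.
# It deliberately contains a commented-out pf_enable and a trailing comment,
# both of which a naive grep for "enable" would misread.
write_sample_rcconf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host's /etc/rc.conf
hostname="fw1.example.test"
ifconfig_em0="DHCP"
#pf_enable="YES"            # commented out: must be ignored
pf_enable="NO"
firewall_enable="YES"       # trailing comment: must be ignored
firewall_type="open"
ipfilter_enable='no'
EOF
}

# Stand-alone demo. On a real box you would run `fw_from_rcconf /etc/rc.conf`
# (and `uname -a` for the release and build, as the post suggests).
demo_rcconf_check() {
    tmp=$(mktemp)
    write_sample_rcconf "$tmp"
    fw_from_rcconf "$tmp"
    rm -f "$tmp"
}
demo_rcconf_check
```

    On the constructed sample the script prints only "ipfw": the commented-out pf line is ignored, pf_enable="NO" is not a yes value, and the trailing comment after firewall_enable does not leak into the value. rc_get can also be used on its own, e.g. `rc_get /etc/rc.conf firewall_type`, to see which ipfw ruleset the box boots with.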

  4. #14
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    To be frank, it is outright stupid of them to deploy a device to you without providing you with the proper training. You shouldn't be coming here for help, you should be telling them you require training before this gets properly implemented. If they are incapable of doing that, you should raise the issue with your superiors. The most secure firewall is one that can be properly maintained, they have done precisely the wrong thing here, but you can get them to fix it by allocating a certain amount to training.

    The staff-training aspect of things must have been utterly ignored or just outright not considered.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?
