[lug] Firewalls

Brian Jarrett BrianJ at StorageSoft.com
Tue Aug 1 10:59:15 MDT 2000 

Oh, Man!  The whole question of "Is open-source a benefit or hindrance to
security" is and has been a huge debate in and outside of the Linux
community.  So I'll leave that alone, but I will say this:

My boss and owner of the company I work for has just bought a firewall from
eSoft called the Interceptor.  (If anyone else has experience with this
device, I'd like to hear about your experiences.)  He's working on setting
it up, but I've been helping him with it.  Here's some of the problems with
firewall appliances I see:
1.  They can use different names for things than what you may understand.
Example:  NAT redirect instead of Port Forwarding
2.  You can only set what their configuration screens allow, meaning you
have less control over what the device is doing and what you can tell it to
do.
3.  If a security vulnerability is found with the device, you may or may not
get information, patches, etc. on it.  I would imagine some manufacturers
have policies and service agreements on this -- definitely something to keep
in mind.

I like Linux because I can get into the guts of it and figure out how things
work to penetrate a system and what works to secure the system from that
penetration.  I'm just now starting out in this area, but I know it's a
great learning tool at the very least.  I'll be using a linux system to test
the firewall we do set up to make sure it does what we configured it to do.
I'll also be using Linux to do IDS work.

Brian Jarrett
celttechie at techie.com

-----Original Message-----
From: David Morris [mailto:boru at frii.com]
Sent: Tuesday, August 01, 2000 10:32 AM
To: Boulder Linux User's Group
Subject: [lug] Firewalls


The recent discussion on firewalls for DSL/Cable has brought up this
question:

What benefits, increased security, etc. does a stanalone firewall
(such as the linksys BEFSR41 mentioned) have over a LINUX box running
a firewall?  

Is it simply a matter of open source code?  Does the visibility of
LINUX code decrease security because anyone can search through it for
holes, or does it increase security by allowing anyone to go in and
fix those holes as fast as possible?

I am not looking for product endorsements, but rather a reason to use
one version of a firewall over the other.

--David



_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

More information about the LUG mailing list