> -----Original Message-----
> From: John P [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 29 August 2000 9:15 PM
> To: Ben Nagy; [EMAIL PROTECTED]
> Subject: Re: Cisco IOS Firewall
> 
> 
> I'm a (lurking) member of the firewall list and saw your comments on Linux;
> I am using this as a router/firewall via the Linux router project (LRP) -
> how secure do you think this is in the grand scheme of things? Assuming
> IPchains is configured correctly and no services are running, of course.

That's the big assumption, isn't it...

My main reason for such half-accurate and inflammatory comments was to
combat the epidemic of Linux fever for boxes that are security principals.
It seems like people forget, or don't know, that Linux provides a pretty
swiss-cheesy out-of-box experience. There's nothing wrong with the basic
current Linux IP stack (that I've heard of) and especially with add-ons like
RSBAC [1] you can make it secure. 

So don't panic. If you're running a pared-down Linux box you're not doomed.

I just personally think that an OS that has had proactive security-based
code review is odds-on to be more secure than an OS that is fragmented and
in a major growth phase.

I also like ipfilter better than ipchains - mainly because it's stateful and
easier to manage (IMO - YMMV).

> 
> Cheers
> John
> 

Cheers,

[1] www.rsbac.org - _Real_ security for Linux boxen.
--
Ben Nagy
Network Consultant, Volante Solutions
PGP Key ID: 0x1A86E304  Mobile: +61 414 411 520 
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
