On Sat, 7 Mar 1998, Hubert Weikert wrote:

> Please don't expect that every user has the knowledge to
> - select the appropriate packages for a firewall
> - and to configure them.

In my experience firewalls need to have a competent administrator to be and to provide security. They have to be targeted for the individual security situation. In this case the point and click method does not work. Debian systems come preconfigured for standard security situations AFAIK. In situations where a Debian system is used as a router the issues are different, naturally.

> I also don't like to do always the same repeating tasks for every firewall
> installation. I want some of the tasks automated, I want to give parts of
> a firewall management to less knowledgeable administrators (like user
> management for proxies). I also want an auditable system, preferably an
> automatic auditing of the system setup against a formal description of the
> security policy.

Proxies are a no-no for me unless transparent. Firewalls have to be transparent too. They are not ways to harass users. What I like so much about Linux is that security measures are transparent and do not result in major performance hits. You can use VPN measures if you need additional security. Logging is also already excellent and I have repeatedly used it to track down people trying to get into my network.

A formal description of the security policy??? Oh man, what idealism. That is one of the issues why I don't want to be on the list.

> Today's best-selling commercial firewall attracts with a graphical
> user interface. As a purist I don't like it, but this type of user
> interface is expected by the users. A firewall system without a
> colourful windows interface could not be a good firewall, it could be too
> complicated to set it up and to manage it. So the mind of decision makers
> in the industry.

So release a package that sets up a standard firewall (assuming a router into a class C network) using the existing stuff. Should not be a big issue and be done in an hour. And it gives people the same mistaken sense of "firewall" protection as the commercial "solutions".

There are editors providing color and the classic dialog package will certainly prove useful.

