Jim Comen wrote:

> Hello,
> I'm trying to determine what would be the best (and most appropriate) OS
> platform for a firewall.  I've looked through several months of past
> postings on this mailing list as well as other URLs to see if I could find
> any clear direction on this issue, but I haven't seen any.
> I'm going between NT and a UNIX variant.

The company I work for was using an NT-based firewall for about a year and then migrated to Unix (namely FreeBSD). On NT we were using Microsoft Proxy 1.0. On FreeBSD we use several proxies, including Squid for http, SOCKS5 for circuit-level proxying, ftp-gw from TIS FWTK, etc.

There were several reasons for migration. First of them was reliability. Being a security conscious person (as a firewall maintainer should be, right?) I applied all security related patches for NT. There were quite a lot of them recently. After a while the NT box became perfectly unstable, bluescreening or hanging every now and then, so I ended up rebooting it almost every morning.

The second thing was performance. It turned out that Microsoft Proxy almost stops responding at 20 simultaneous user sessions. I witnessed this several times and was quite disappointed about it.

The third thing was logging. NT just doesn't log IP addresses. Instead it logs NetBIOS names. It is great to know that someone from a machine named HAX0R was trying different user names and passwords and finally broke in. It gives you just the info you need, right? Now you just search the whole Internet and find that HAX0R, easily.

The last thing I can call transparency. I came from the NT world and studied it a lot (even got that MCSE tag), but I still keep wondering about many things with it, having no way to find out the answer. For instance, why does my desktop NT box listen on port 1033 TCP? It has nothing to do with NetBIOS, or SMB or whatever I have on it, so why? I don't even have any tool to find out which process does it. Suppose you have an intrusion. How do you know if some odd behavior is the result of the intrusion or some odd NT feature you never stumbled upon before? And you keep wondering what else is lurking there of which you don't have even the slightest notion.

It takes much time and experimentation to strip down NT to its "bare bones", if it is possible at all. And there are things that you just cannot do. I still think that one doesn't need a GUI on a firewall host, but you cannot do anything about it in NT.

Stripping down Unix is much easier. It is extensively documented, and, well, comprehensible. And going with open source software gives you the opportunity to dig as deep as you like, even changing anything you want or need to your liking.

Now for Unix. We have been using FreeBSD for a firewall for about half a year. It has never crashed. It runs on half the memory and a slower processor than NT used to and has never had any performance problems at all. It has a flexible logging architecture, so I can log what I want and need. While using NT I had no idea that my network is portscanned almost daily. Now I do. FreeBSD has support for packet filtering in the kernel. NT desperately lacks the capabilities it provides, such as ICMP filtering, filtering based on TCP flags, source and destination IP address, etc.
 
Of course, my experience is not universal. We have a rather tight budget for the firewall and couldn't afford some full blown solution like Firewall-1, which could give an NT installation some features it lacks. Please, let's not start any flame war on NT vs. Unix. I have described just my own experience. Yours may be different.
  
-- 
Alla Bezroutchko                                        Sovlink LLC
Systems  Administrator                                  Moscow, Russia
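As an added illustration of the in-kernel filtering features the post mentions (source/destination address, TCP flag and ICMP type filtering, with logging), here is an ipfw ruleset written for this page; it is not from the original post or the poster's own configuration, and the interface names, addresses and the Squid port are assumed placeholders.

```shell
#!/bin/sh
# Constructed FreeBSD ipfw ruleset (example for this page, not the poster's).
# Interface names, addresses and ports below are assumed placeholders.
# Usage: "sh fw.sh load" installs the rules; "sh fw.sh dry-run" prints them.
IPFW="${IPFW:-/sbin/ipfw}"
EXT_IF="${EXT_IF:-ed0}"              # assumed Internet-facing interface
INT_IF="${INT_IF:-ed1}"              # assumed internal interface
INT_NET="${INT_NET:-192.168.1.0/24}" # assumed internal network
FW="${FW:-192.168.1.1}"              # assumed firewall/proxy host address

load_rules() {
    $IPFW -f flush
    # Loopback traffic is fine; 127/8 arriving from outside is spoofed.
    $IPFW add 100 allow ip from any to any via lo0
    $IPFW add 200 deny log ip from 127.0.0.0/8 to any via "$EXT_IF" in
    # Source address filtering: internal addresses never arrive from outside.
    $IPFW add 300 deny log ip from "$INT_NET" to any via "$EXT_IF" in
    # TCP flag filtering: SYN and FIN together is never legitimate.
    $IPFW add 400 deny log tcp from any to any tcpflags syn,fin
    # Segments of already established TCP sessions pass.
    $IPFW add 500 allow tcp from any to any established
    # Internal clients may open connections to Squid on the firewall.
    $IPFW add 600 allow tcp from "$INT_NET" to "$FW" 3128 via "$INT_IF" in setup
    # The proxies running on the firewall may open outbound connections.
    $IPFW add 700 allow tcp from "$FW" to any via "$EXT_IF" out setup
    # Every other inbound connection attempt is logged, so portscans show up.
    $IPFW add 800 deny log tcp from any to any via "$EXT_IF" in setup
    # DNS for the firewall's own resolver.
    $IPFW add 900 allow udp from "$FW" to any 53 via "$EXT_IF" out
    $IPFW add 1000 allow udp from any 53 to "$FW" via "$EXT_IF" in
    # ICMP type filtering: accept echo reply, unreachable and time exceeded,
    # let internal hosts ping out, log and drop everything else.
    $IPFW add 1100 allow icmp from any to any icmptypes 0,3,11
    $IPFW add 1200 allow icmp from "$INT_NET" to any icmptypes 8
    $IPFW add 1300 deny log icmp from any to any
    # Default deny, logged.
    $IPFW add 65000 deny log ip from any to any
}

case "${1:-}" in
    load)    load_rules ;;
    dry-run) IPFW=echo load_rules ;;
esac
```

Logged rules write to syslog via the kernel (the `log` keyword), which is the logging the post contrasts with NT's NetBIOS-name records.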