Actually, they don't care if I get hit by a bus(Great employer huh?). There
is another guy that can handle the situation if I am gone.
Support is the major argument for us to use a commercial firewall. Basically
because, what if I don't know the answer and can not find the answer?
Although, I feel that I will not encounter any problems that are unheard of.
I have read the posts and think I will go with a FreeBSD Box with ipfw.
Thanks for all that have helped.
Mike
eEye Digital Security Team
www.eEye.com
Fingerprint:
AD0F 16F9 0067 7772 EFA9 996F 9AD2 5F16 A6AF EA7C
> IMO you can do a pretty darn good job for a small network with just
careful
> (non-stateful) packet filtering, NAT, and a little care in the services
you
> train the users to use.
>
> However...
> According to Rusty, the ipchains guy:
>
> "ftp://ftp.interlinx.bc.ca/pub/spf is the site of Brian Murrell's SPF
> project, which does connection tracking in userspace. It adds significant
> security for low-bandwidth sites."
>
> This may work for you. I haven't looked at it at all, though.
>
> I have actually been wondering if there was an SPF solution in freeware.
> Thanks for giving me an excuse to find out. 8) Anyone know if there's a
"cut
> through proxy"? [1]
>
> And of course as someone pointed out, you can go more secure again and use
> FWTK to get a full application proxy.
>
> The argument for commercial and non-commercial is usually won and lost on
> support and accountability.
>
> Does this site care if you (or whoever sets up the freeware firewall) get
> hit by a bus and can't fix their firewall any more?
>
> Do they care if they have a support issue, and their consultant can't
solve
> the problem? Where do they escalate it to? The Internet? Faaaaaaantastic.
>
> Do they insist that the solution they implement be "commercially tested",
> which is evidence of it's general goodness?
>
> Of course, I am taking no sides on this issue - and I (personally) don't
> think that "commercial testing" is proof of anything except good desktop
> publishers. Flame elsewhere.
>
> Cheers,
>
> [1] My understanding of this term is: When a packet arrives that is about
to
> start a new "connection", it is looked at in detail, a bit like an
> application proxy. However, once the packet is marked OK, the rest of the
> connection gets written into some state thingy and further packets for
this
> connection are just passed through (basically) an SPF. Very fast. As I
> understand it, 'normal' Stateful Packet Filters don't neccessarily do this
> unless they need to in terms of opening and closing ports. Then again I
> could be wrong.
> --
> Ben Nagy
> Network Consultant, CPM&S Group of Companies
> PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
>
> > -----Original Message-----
> > From: Mike [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, 15 September 1999 12:57 AM
> > To: [EMAIL PROTECTED]
> > Subject: Commercial Firewall or not
> >
> >
> > I got a client that has a 30 machine network. Nothing big,
> > but they want a
> > firewall. I personally am thinking of putting up a FreeBSD
> > box with ipfw.
> > They of course want to be as secure as possible. Is this
> > enough? What are
> > the arguments of why to go with a commercial firewall? Or with a
> > non-commercial one?
> >
> > One argument for non-commercial is price.
> > One argument for commercial is the extra features it has i.e. stateful
> > inspection etc.
> >
> > Any help would be very appreciated.
> >
> > Mike
> > eEye Digital Security Team
> > www.eEye.com
> >
> > Fingerprint:
> > AD0F 16F9 0067 7772 EFA9 996F 9AD2 5F16 A6AF EA7C
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
