At 05:50 PM 10/18/99 -0700, Firewalls-Digest wrote:
> I need some advice on what options there are to provide a small network of
> Macs with a low cost firewall; I have a client with a LAN of 30 Macs who
> wants a leased line and a mail server installed on his LAN, and wants the
> machines on his LAN to be able to reach the net. The general advice I'm
> getting is that Macs are difficult to hack into, so just plug his Cisco
> 1600 straight into his ethernet hub ... but I don't think I'd sleep too
> well without some sort of firewall so I'd be very grateful if someone can
> tell me what my options are (the solution needs to be low cost).
Although we don't have Macintoshes, per se, we have been using a firewall appliance made by SonicWALL (www.sonicwall.com) to protect a small number of NT computers and one Solaris box.
In particular, we are using a SonicWALL DMZ for the clustered workstations and SonicWALL/10 with VPN upgrade for a few telecommuters. The SonicWALLs are very inexpensive compared to other possible solutions that we considered.
We have conducted our own penetration tests and are pleased with their performance so far.
As far as the inherent security of Macintosh computers is concerned, they do have a leg up on more sophisticated platforms in that they offer minimal native network services (e.g., they don't have telnet & ftp out of the box) so it is harder to remotely abuse them. However, they are subject to certain DoS attacks. And, of course, someone could always mis-configure file sharing, etc. Short answer is that firewall protection is prudent.
Best regards,
-Kip
--------------------------------------------------
Kip A. Boyle, CISSP
SRI Consulting, Seattle, Washington
Voice: 253/639-6223
Fax: 253/638-6843
--------------------------------------------------
-----BEGIN PGP PUBLIC KEY FINGERPRINT-----
Version: PGP for Personal Privacy 5.0
AE82 8B89 D087 CE9F 336B 9E18 B26A 467E 5112 FF13
-----END PGP PUBLIC KEY FINGERPRINT-----
