If someone does not understand the OS, then they should certainly not be
trying to do security on top of it. That is someone that needs to hire a
professional for sure.
Thanks,
Ron DuFresne
On Sat, 28 Apr 2001, Klaus Schulze wrote:
> Did you check the real good firewall
>
> Astaro Security Linux
>
> It is Linux based, but with their superior frontend, you don't need to understand Linux.
> And it includes Stateful inspection, proxies and VPN. The power of FW, for a quarter of the price
>
> Klaus Schulze
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Ron DuFresne
> > Sent: Thursday, April 26, 2001 11:46 PM
> > To: Jose Nazario
> > Cc: Randal, Phil; [EMAIL PROTECTED]
> > Subject: RE: Linux Firewalls (WAS: Looking for...)
> >
> >
> >
> > I do not see where the linux realm is the only sucker to this kind of
> > issue, in fact, time has shown it to be something significant for the
> > BIG<tm> vendors themselves.
> >
> > Thanks,
> >
> > Ron DuFresne
> >
> > On Thu, 26 Apr 2001, Jose Nazario wrote:
> >
> > > On Thu, 26 Apr 2001, Randal, Phil wrote:
> > >
> > > > So I would not recommend IPTables under Linux without using the latest
> > > > kernels.
> > >
> > > this is a dangerous philosophy to get into, frankly. the Linux kernel has
> > > a long and tired history of introducing more bugs into the latest, rushed
> > > kernel than they fix. (i've been using Linux since kernel 1.2, i'm a bit
> > > old school.) as such, you're highly likely to break something valuable as
> > > you attempt to fix something.
> > >
> > > the problem stems from a development cycle that has a pace that cannot be
> > > monitored efficiently by the people who check code for correctness and
> > > security. never mind that they explicitly don't care about security.
> > >
> > > sometime before 2.4 went 'prime time', i thought i would get involved. i
> > > spent several intense days poring over code and mailing list material and
> > > emerged shocked at the inconsistent quality of netfilter code. it's
> > > blatantly insecure in some places, and contributions pour in and get
> > > checked in without much scrutiny.
> > >
> > > i'm no longer the young, fiery man i was. i don't have the time to put up
> > > lonely battles and attempt to change even a few peoples' minds. i gave up,
> > > i walked away from it and back towards code i could trust (*BSD and
> > > IPFilter).
> > >
> > > you learn a lot reading kernel code, you get to see a lot of the innards
> > > of a project that way by reading comments and looking at code quality.
> > >
> > > i said it last night, and i'll reiterate it: remember that not every tool
> > > is designed for the jobs it can accomplish (ie a Linux firewall). use a
> > > tool designed for a purpose like that, and in doing so you may have to
> > > extend your horizons.
> > >
> > > ____________________________
> > > jose nazario [EMAIL PROTECTED]
> > > PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
> > > PGP key ID 0xFD37F4E5 (pgp.mit.edu)
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > "Cutting the space budget really restores my faith in humanity. It
> > eliminates dreams, goals, and ideals and lets us get straight to the
> > business of hate, debauchery, and self-annihilation." -- Johnny Hart
> > ***testing, only testing, and damn good at it too!***
> >
> > OK, so you're a Ph.D. Just don't touch anything.