Just to flog this horse to death...

> -----Original Message-----
> From: Bill Royds [mailto:[EMAIL PROTECTED]]
> Sent: Friday, July 06, 2001 9:28 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: Hardware or Software
>
>
> The useful distinction is between firewalls that run on user
> configurable (and also hacker configurable) general purpose
> OS's and those that run on closed boxes with very limited
> user activity.

I agree with this bit, but I don't agree with you conflating General Purpose
with Open Source and Task Purposed with Vendor Written (later in your mail).
There are a bunch of projects which aim to create capability based or MAC
based operating systems with open source. I've not yet seen a "build a
capability based firewall" HOWTO, though.

[...]

> There are now even ALG firewalls that come in a black box
> configuration (VelociRaptor by Symantec/Axent for example) so
> that the hardware/OS part is pre-configured to minimise
> sysadmin mistakes, while firewall rules are done remotely in
> a GUI management console.

The Gauntlet E-ppliance is another example (supposedly). I find that in most
cases one simply cannot survive (as an integrator, perhaps not as a
customer) without knowing the underlying OS and being prepared to get in and
attack the CLI. The Nokia boxes run IPSO, which is pretty much BSD - and it
ships with perl installed. Gauntlet runs Solaris (and also ships with perl).
Those aren't "appliances" in my book. I have never played with a
VelociRaptor, though.

[...]

Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls