+++ Vijay Kumar [linux-india] <03/06/02 17:27 +0530>:
> We have a Check Point Firewall and we want to replace that with linux box -
> how secure would this be ?
Extremely secure - and use iptables instead of ipchains
> Have'nt really worked on checkpoint. How do I evaluate the pros and cons of
> both these options ?
Cost. Checkpoint is stateful, pretty efficient etc. But - it is costly, a
major memory hog, and has this cute GUI which makes it very easy to misconfig
it ... ANYTHING with a GUI - there's a guarantee it is easy to make errors.
Like for eg. the idiot in the ISP for our previous workplace who saw all the
traffic coming into port 22 of various machines ... and firewalled port 22.
Then, it is about as secure as the underlying OS is secure. If you install
checkpoint on a solaris 2.6 unpatched box, expect to get cracked immediately.
And for gods sake, disable the braindead 'smtp firewall' implementation on it
> I dont have any idea about nor have heard about a checkpoint firewall being
> cracked.
Seen several.
> Also if there are any packages for monitoring online traffic which
> determines :
> a) Bandwidth consumed by a particular IP address
> b) web sites visited by a particular machine/IP address
Covered umpteen times on this list. There's mrtg, there's squid proxies with
log analyzers ...
Take the time to read a few past posts, or maybe search google first. You
will get extremely quick results that way.
-srs
--
Suresh Ramasubramanian <----> mallet <at> efn dot org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin
[Linux One Stanza Tip] From : <[EMAIL PROTECTED]>
LOST #149 -**< Sub : Julian dates >**-
There is a need at times to know how many days have lapsed
since Jan 1 (Julian dates). The easiest way out is to use the
cal program [ Try: cal -j 10 2001 ... and have a look !]
_______________________________________________________________
Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
