On 10/07/02 14:14 +0530, Raju Mathur wrote: <snip> > I presume you have some valid reasons for claiming Checkpoint's > superiority over Iptables. I assume he means the checkpoint proxy features. <snip> > GUI's in forewalls tend to make for sloppy administration. IMNSHO > GUI's tend to make novices believe that they're experts at complex > tasks, which is dangerous specially in situations involving security. GUIs are useful when you are too busy to script firewall rulesets for large multipoint installations (like a multinational with offices all over the world, and with a single security centre).
But GUIs in the hands of novices are dangerous. Too easy to mess something up. I would use a router with ACLs followed by a stateful firewall followed by proxies for public services like webservers, and secure MTAs like postfix/qmail/exim running spam blocks then through antivirus solutions to a different mailbox server. (Defense in depth is a good idea). Devdas Bhagat ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Two, two, TWO treats in one. http://thinkgeek.com/sf _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
