/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
I am a computer technician on staff at a small college in Ohio. We recently
purchased some Cisco equipment 35xx & 400x switches and a support contract from a
local company. The company's cisco/network guru was talking to us about the cisco pix
firewalls and all of the benefits. He knew we were using linux and WinNT at the
moment and told us the Cisco pix was superior and that Operating System based
firewalls (WinNT and Linux) are actually vulnerable to certain types of attacks. Let
me be more specific. He said that under certain conditions within the operating
system (other tasks it is performing) that the firewall rules will be "ignored" in
favor of the other tasks and will let harmful packets get in. He said that certain
checks get "skipped" under certain circumstances. He also said that the Cisco PIX was
nearly undetectable and only surpassed by Firewall1 (another firewall product). He
rattled off something about a testing service that cost $13000 and how it was verified
by cisco and everything. His knowledge seemed very limited to cisco equipment in most
respects upon quizzing him a bit. But I guess I would like to know from an expert,
are operating system based firewalls vulnerable or deficient in the way he seems to
indicate? Anyone have experience with cisco pix firewalls?
Qmail/LDAP interoperability website notice:
"Note: This is NOT point-and-click-and-then-it-works ware!
You should have fairly good prior knowledge of qmail and LDAP."
It means that "Bob the Janitor" cannot be your system administrator.
Only someone who understands the technology can do so.
Avoid the use of expensive, buggy, unreliable, no-brainer technology that will cost
your employer $$$.
Be a computer science major, not a janitor.
Yahoo! Mail Personal Address - Get email at your own domain with Yahoo! Mail.
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
