At 5:38 PM -0500 3/18/02, Mike Burger wrote:
>On Mon, 18 Mar 2002, Patrick Beart wrote:
>
>> >On Sat, 16 Mar 2002, Patrick Beart wrote:
>> >> I'm new to the whole "security" thing, but I've learned that
>> >> a hardware appliance is better than software, if only for the fact that
>> >> someone is technically already IN the machine when they hit the firewall
>> >> software. ...snip...
>> >
>> > ...snip...
>>
>> Having a PHYSICAL device sitting AHEAD of your server(s) is,
>> IMO, far superior to having the "software" sitting in that same
>> server box(-es). ...snip...
>>
>> I want the big electronic "bouncer" sitting OUTSIDE my
>> virtual house, not in the foyer.
>
>You've apparently missed the point that you could just as easily take an
>old PC, install Linux with IPTables and just use it as a firewall, outside
>of your servers, themselves.

Why would I, or anyone, want to dedicate an entire 1U of space (or MORE!) for a firewall device when my Netscreen isn't any bigger than a 4 port hub? (about 5 x 6 inches) Seems like a waste of cabinet space to me, ... unless you're trying to secure more than a full cabinet worth of servers.

>I'm doing this, here...I have a Pentium 200 dedicated to nothing but
>iptables firewalling, and then I also have some additional iptables
>firewalling on the server, itself.
>
>A little double whammy for the bad guys.

It's also twice the debugging, editing, and troubleshooting. Enjoy! ;-)

Patrick Beart

--
------------------------------------------------
Web Architecture & "iWeb4Biz"  503-774-8280
Portland, OR
Internet Consulting, Intelligent Web site Development & Secure site Hosting.
http://www.WebArchitecture.com/

"This is an era when nonsense has become acceptable and sanity is controversial." - Thomas Sowell
------------------------------------------------