[ale] OT: Firewall purchase

James P. Kinney III jkinney at localnetsolutions.com
Sun Jul 4 20:33:16 EDT 2004


On Sun, 2004-07-04 at 16:15, David Hamm wrote:
> Thanks for the links and suggestions but this firewall is for a client and 
> building a custom firewall will not be price competitive, especially if you 
> consider the ease of use available for $100 from Netgear and D-Link.
>    
> 

Both of those have known security issues. Neither supports VPN
connections directly. Having a hardware device that has had a backdoor
password that is HARDCODED into the silicon and well published is a
waste of cash. Once the power blinks, they go back to the default
backdoor settings.

The upfront cost of buying a supportable setup is negligible compared to
the replacement cost over time of upgrading the firewall hardware system
every time a new feature to stop a new style of attack is not upgradeable
by a flash of the BIOS.

All of the off-the-shelf firewall devices are generic boxes that are
cookie cutter rule sets for a limited set of protection scenarios. The
ability to ssh into the firewall and adjust as needed is absolutely
priceless.

Besides, how else are you going to run Bob's ruleset?!
> 
> On Sunday 04 July 2004 03:40 pm, Dow Hurst wrote:
> > David Hamm wrote:
> > > Hi,
> > >
> > > I'm looking for a firewall that supports IPSEC for VPN and OSPF.
> > > Netgear has stuff I found attractive but with no OSPF support.
> > > Moving parts (i.e. fans and disks), and user licensing are out.
> > > Anyone have any suggestions?
> > >
> > > Thanks.
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
> >
> > Look at building it yourself using Slackware, Bob Toxen's second edition
> > of his book, and an Epia-based fanless supersmall machine with dual
> > built-in NICs.  His book has drop-in iptables rules that are excellent.
> > Once you get that far then going through the IPSEC Howto is not too
> > difficult.  Just involves a kernel module compile and insertion.
> >
> >
> >
> > Links:
> > http://www.tldp.org/HOWTO/VPN-Masquerade-HOWTO.html#toc3
> > http://www.impsec.org/linux/masquerade/ip_masq_vpn.html
> > http://www.onlamp.com/pub/a/bsd/2004/03/11/Big_Scary_Daemons.html (this
> > is one idea)
> >
> >
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7