What's a good firewall?

Wynd · 08-01-2001, 01:38 AM

I read in a book that Linux is so secure it doesn't need a firewall, but i don't believe it, so what would you recommend as a firewall? (unless of course the above is true...)

mcleodnine · 08-01-2001, 02:45 AM

'linux' is not a good firewall. Most distributions have a LOT of stuff running that really shouldn't be _public_.

'linux' that has been tamed with ipchains/iptables _can_ be a very good logging firewall.

'linux' that is set up as a proxy service can be a very effective firewall and performance tool.

It's up to the admin to make it so.

cinnix · 08-01-2001, 03:14 AM

I would be scared to read a book that made such a foolish remark.

raz · 08-01-2001, 04:20 AM

Wynd,

It depends on how much money you have to spend and how critical the network/server data is.

Linux is not secure as default, you can switch of all the public services, but you may as well just unplug it from any network connection.
I would start by burning the book your reading.

He's a list that shows you the type of systems you can use.

A Linux firewall:
need: PC + software
cost: cheap
Security rating out of 100 if configured correctly: 60

A Cisco ACL router with firewall SW:
Need: a Catalyst router with FWSW
cost: £2000 up
Security rating out of 100 if configured correctly: 40

A Cisco PIX firewall
Need: a PIX box
Cost: £2000 up
Security rating out of 100 if configured correctly: 80

A Solaris box with Checkpoint + 10 VPN connections
Need: a x86 or Sun System
Cost: £6000 up to £180,000 "depends on Sun's hardware"
Security rating out of 100 if configured correctly: 70

A Nokia box running Checkpoint FW1 + 10 VPN
Need: a Nokia FW1 box
Cost: £30,000 up
Security rating out of 100 if configured correctly: 90

A Watchguard firebox system:
Need: a lovely red looking box
Cost: £2000 up to £50,000
Security rating out of 100 if configured correctly: 90

There are plenty of others, I've just listed the main ones so you get an idea.
Linux is fine for stopping most attacks, but not so fine for critical or sensitive data systems.

/Raz

mcleodnine · 08-01-2001, 11:41 AM

SuSE has a commercial firewall product that runs with no HDD. It's a 'live' ISO image on a cd-rom that you configure with a floppy. Once configuration is complete you make the floppy disko read-only a-la the little read-only tab. It prices out at $US695 or around there.

Oh. And you need a box and 2 NICs as well.

Wynd · 08-01-2001, 12:51 PM

Don't worry, i didn't buy the book

I just wanted a firewall program for personal use, no expensive hardware stuff

r3b00t · 08-06-2001, 11:59 AM

A firewall is as secure (good) as the rules you feed it...

zhenwu · 08-07-2001, 01:06 AM

If it's just a personal firewall, check out pmfirewall for linux.

www.pointman.org

Once you install it, it has a very cool configurator that asks you a bunch of questions, then sets the ipchains rules from your answers.

Of course, you need to have ipchains up and running...