[Dshield] firewall help request
from at e-solutions.lv
Fri Oct 3 16:22:46 GMT 2003
Cyberguard has per applience licencing. It costs alot. but security
About what scalability you're talking about? I don't think, you can manage
some dozens of linux boxes so easily as cyberguards (or ciscos, or
checkpoints, or sonicwalls, or...) managed thru centalized management.
Ok, I wasn't right about iptables capabilities(sorry, I'm not working with
linux so much this days ).
If we are talking about small amount of boxes - yes, linux means more
scalability, more features, more posibilities.
but in case of running more then N boxes(N<10), linux firewalls TCO hardly
will be cheeper: you need to patch every box separately, to modify rules
separately. So in big networks you receive more overhead, more complex
network to understand, so more propability of having holes in security.
On Fri, 3 Oct 2003 10:42:05 -0400, Mark Tombaugh <mtombaugh at alliedcc.com>
> On Friday 03 October 2003 01:34 am, Roman Fomichev wrote:
>> As I understand, John, you can't do nothing then packet filtering on
>> linux. No stateful firewall, no proxing technologies....
>> Linux with iptables is good for very low cost solutions or for home
>> solution, where two skilled people using opera browser surh the net.
>> But if you are talking about normal security budget, you need to have
>> solution that can protect you users running IE.
>> Cyberguard with proxying technologies or equivalent solutions from other
> This is absolute fud. Iptables is used extremely effectively on very
> corporate, governmental , and educational networks, in order to provide
> scalable, stateful, packet filtering within tight budgets, which is why
> it is
> also found on small home LANs.
> Before you make anymore rifrikindiculous comments like this, educate
> Budget? Whats a Cyberguard cost these days? Is it per seat licensed like
> Less fud more facts please.
> (Sorry for the redundant post, I couldnt help myself)
If you don't keep up with security fixes, your network won't be yours for
More information about the list