
| Subject: | Re: comments on fwbuilder |
|---|---|
| Date: | Tue, 19 Oct 2004 09:16:38 +0200 |
NabilM@kuveytturk.com.tr (NabilM@kuveytturk.com.tr) wrote:
Well, I know the basics of writing my own rules for iptables. There sure are many good tutorials for that on the internet. However, for a firewall to be practically used in an enterprise, it has to be user friendly. That is, an enterprise may need to change rules often for business needs. Managing so many rules with so many clients and servers is very inefficient by only using the iptables command line. For a small home office network, iptables is fine.
I am a really good friend of command line software, but I think you are absolutely right on this point. Companies treat a lot of information streams, and the easiest way to allow or not allow a client to use a service is a GUI for iptables. I agree with the point of view that modifying some lines in an iptables script is easy. But efficiency is more important in this case (the company case).
The second point is that understanding rule sets should be simpler. The organization does not want to depend on iptables experts. If one leaves, they are only bound to hire an iptables expert. It should not be about being a geek. In business enterprise, it's about efficiency.
Absolutely agree...
Fwbuilder has a very nice object based approach like Checkpoint. You can make objects and place them in domains and assign/remove rule sets. The only concern is whether the compilation of objects and rule sets into iptables rule sets is secure enough to be used in an enterprise. Iptables all alone is sure NOT an enterprise product, mainly because it is not user friendly (though there are other deficiencies like having stateful filtering and not stateful inspection). In other words, for an enterprise, can we have a hardened Linux box as a firewall that uses iptables by creating the iptables rules using fwbuilder? How secure or insecure is it?
For my part, I do not enjoy the object based approach of fwbuilder. I prefer Knetfilter or guarddog... But my choice is not final. And I admit I haven't found the right software for now.
-Nabil.
-----Original Message-----
From: xyberpix [mailto:xyberpix@xyberpix.com]
Sent: Saturday, October 16, 2004 3:18 PM
To: Nabil MALIK / KTEFH - OTAS
Cc: Firewalls[List]
Subject: Re: comments on fwbuilder
Hi Nabil, Personally I would say google for IPtables, as there are a lot of good tutorials out there, and you can learn how to write your own rules really quickly, and at least this way you get exactly what you want out of a firewall. fwbuilder is good, but you will get a lot better results by doing it via the command line, even running "man iptables" will give you a wealth of information.
This point of view is good to learn more about iptables.
Have a good day.
--
Christophe