I had assumed that x86 boxes are so pervasive that ultimately whatever task you
use them for will in general be more powerful than dedicated hardware, due to
the length of time it takes to design and spec up a hardware appliance.
I forget that not everyone wants to rely on support coming from the internet
community in general, and option of support is probably a big one for
businesses when considering risk management.
And I guess any firewall no matter how intrinsically secure it is will be
useless if it's misconfigured...
Many thanks,
Joe
-----Original Message-----
From: James Riden [mailto:j.riden@massey.ac.nz]
Sent: 10 June 2005 00:24
To: Joseph (Joe) Lynn
Cc: firewalls@securityfocus.com
Subject: Re: Open Source vs Proprietary
"Joseph (Joe) Lynn" <Joe.Lynn@tiniusolsen.co.uk> writes:
Do people just buy firewalls because they canʼt be bothered to learn
to set up Open Source systems, or is there more to this that Iʼm
missing?
Dedicated hardware firewalls may give you better performance than an
x86 box running any flavour OS. Your boss may also feel better about
being able to get support for the latter should you fall under a bus.
Misconfiguration and poor change control is one of the biggest
problems with firewalls, and pf isn't going to be any better than a
proprietary vendor in that regard.
Use whatever's best for you - I'm a happy user of snort and Cisco
firewalls.
cheers,
Jamie
--
James Riden / j.riden@massey.ac.nz / Systems Security Engineer
GPG public key available at: http://www.massey.ac.nz/~jriden/
This post does not necessarily represent the views of my employer.
