Date: Sun, 4 Mar 2001 01:23:24 -0800
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "Roelof Osinga" <roelof@eboa.com>
Cc: <bcohen@bpecreative.com>, "freebsd-questions" <freebsd-questions@FreeBSD.ORG>
Subject: RE: FreeBSD Firewall vs. Black Ice
Message-ID: <002801c0a48c$c376e6a0$1401a8c0@tedm.placo.com>
In-Reply-To: <3AA1C457.E28E40AF@eboa.com>
>-----Original Message-----
>From: Roelof Osinga [mailto:roelof@eboa.com]
>Sent: Saturday, March 03, 2001 8:28 PM
>To: Ted Mittelstaedt
>Cc: bcohen@bpecreative.com; freebsd-questions
>Subject: Re: FreeBSD Firewall vs. Black Ice
>
>
>Ted Mittelstaedt wrote:
>>
>> ...
>> However, if you're not willing to invest the time into either, then
>> you should look at paying someone who has the experience to do this
>> for you. One advantage of using FreeBSD is that the FreeBSD server
>> CAN be remotely administered. You could, for example, set up your
>> FreeBSD system then get a FreeBSD consultant to ssh into your server
>> and set a really tight access list for you.
>
>But that's just it, isn't it. A cost-benefit analysis. I.e. how much
>will it cost to detect and restore a cracked site versus the cost
>to make it a tad bit more harder to crack the site.
>

No, because there's different levels of security. If all you want is a
quick and dirty firewall, then run NAT on a $100 LinkSys, plug that into
your DSL line, and be done with it. You won't be able to serve off
webpages with the default NAT on that, nor will you be able to run many
network games (which can't work through NAT) but you probably won't get
cracked either - at least, not cracked in the sense of the word that
attackers are going to destroy or steal files.

The truth is that most attacks these days consist of the Denial Of
Service type. Such an attack won't cost you anything because they can't
get in and destroy things, and protecting from them is simple - you just
shut down everything. Of course the attack does cost you if the loss of
network access will cost you money, but not direct costs - just loss of
potential revenue, which is speculative anyway.

Where firewalling gets costly, as in sucking up your time or paying
someone else, is when you want to have your cake and eat it too - ie:
you want to be protected, but you also want to offer services or do
different things, and you also want the firewall to be invisible to you,
from the inside.

>Personally I'd rather err on the safe side, but MicroSoft has shown
>by its continued existence that the world thinks otherwise. IOW MS
>groks the world, sad as it may be.
>

Remember that Microsoft products are designed for internal corporate
use, not external Internet server production use. Internal corporate
networks are generally more friendly than the public Internet.

Ted Mittelstaedt tedm@toybox.placo.com
Author of: The FreeBSD Corporate Networker's Guide
Book website: http://www.freebsd-corp-net-guide.com

>The last statement you made, however, is I think unbeatable by
>whatever PC/Anywhere gadget out there. Remote administration is
>not where NT++**?? shines.
>
>Roelof
>
>--
>-----------------------------------------------------------------------
>EBOAź web. http://EBOA.com/
>