Date: Wed, 24 Oct 2001 16:38:07 +1000
From: "MurrayTaylor" <MurrayTaylor@bytecraftsystems.com>
To: "Julian Morgan" <jmorganmcse@hotmail.com>, <freebsd-questions@FreeBSD.ORG>
Subject: Re: REQUEST FOR COMMENT
Message-ID: <029f01c15c56$7183f220$2a7627cb@bytecraft.au.com>
References: <F69p8eurQQtHT1DdQcp000011ad@hotmail.com>
----- Original Message -----
From: "Julian Morgan" <jmorganmcse@hotmail.com>
To: <freebsd-questions@FreeBSD.ORG>
Sent: Tuesday, October 23, 2001 4:48 PM
Subject: REQUEST FOR COMMENT

> people - I am very disappointed here and wanted your opinions.. I have helped set up a 7 site VPN between 2 states in Australia.
> 4 sites in Melbourne and 3 in Sydney.. The firewalls are running FreeBSD 4.3 and communicate with Cisco 827 routers on ADSL 2meg/386K...
> After setting all this up and starting afresh in learning FreeBSD over the past 8 months while the system has been running, we have had some crew question the overall
> effectiveness of security and other issues.. As a result they believe that it is better to get some certified hardware firewall that provider upgrades patches, instead of having
> a Unix product which is open source and requires patches all the time, updates on top of the usual monitoring, and dedicate a person to basically be on top of all seven sites all the
> time....
> So besides the ISP sucking a little - it means we are going to have to upgrade the whole VPN system - and tear out the BSD boxes and get some hardware firewall!!!!!!!!
> hmm yet to see the doco on this equipment...
> just wondered what your thoughts were
> Regards
> Julian
>

If it is any help...

We are running two linked sites (one in Melb, one in Syd) using FreeBSD boxen as firewall, router, frame relay interface (netgraph), VPN (mpd-netgraph) for our road worriers (warriors :0), Apache/PHP web server, Postfix/Cyrus IMAP mail server, and Samba hosts. (oh yeah Snort for IDS)

And yes we have some NT boxen too (mostly supporting legacy apps)

The bosses comment when we cut over to the FreeBSD boxen - "Seems to run faster". And now "IT report please. .. Oh nothing to report huh? .. next business"

We are about to add a second Sydney site .... Same infrastructure as we now have.

Barring two external datalink outages caused by (a) a lightning strike on a Telstra line, and (b) some hiccup in a mid-country link somewhere we have had 100% uptime on the FreeBSD boxen. (Can't say the same for the NT boxen - one in particular must be rebooted weekly as it falls over in 13 days otherwise)

Paraphrasing someone else on this list
"telnet - don't allow it, use ssh"
"security patches - applied as they apply to our operations"

We have also been approached by various providers of hardware firewalls and offsite email filtering services and thus far have not seen a tangible benefit to us.

Most of our time spent on IT support is user support and the "How do I do this?" type questions.

Murray Taylor
Bytecraft Systems Pty Ltd
email: murraytaylor@bytecraftsystems.com
web(s): www.bytecraftsystems.com www.bytecraftentertainment.com