Date: Mon, 27 Sep 1999 17:25:05 -0700
From: Lawrence Sica <larry@mail.interactivate.com>
To: "Scott I. Remick" <scott@computeralt.com>, freebsd-security@FreeBSD.ORG
Subject: Re: Help me win the MS-Proxy/ipfw war
Message-ID: <4.2.0.58.19990927172008.00a59b40@mail.interactivate.com>
In-Reply-To: <4.2.1.4.19990927195047.00d813e0@mail.computeralt.com>

At 08:05 PM 9/27/99 -0400, Scott I. Remick wrote:
>Any advice to a small-time network admin for a small (32 employees)
>company that is stuck in the MS_WAY = ONLY_WAY mindset? We are overdue
>for a firewall but the PHB wants NT/MS-Proxy installed, while I'm arguing
>for FreeBSD/ipfw instead. We already have a FreeBSD server managing
>various tasks (and has done them VERY well, and doesn't crash), so this
>isn't totally new (ipfw is but I've got books on order and will be reading up).
>
>THEY (everyone but me) want MS Proxy because we're a MCSP and they want us
>to use what we're going to sell, so that we're familiar with it (the
>suggestion that we use FreeBSD/ipfw and sell that too seems to have fallen
>on deaf ears). Of course, the fact is that no one actually spends time on
>this stuff other than me anyway, even though it's set up with the intent
>that all techs can learn from what we have installed in-house. That
>argument, too, seems to not be working. Nor the vast difference in
>hardware requirements (what would you consider the recommended hardware
>for a FreeBSD firewall gateway to a 128K ISDN link?). Cost of the actual
>software is $0 in either event, as we get to use MS software for free due
>to our MCSP status.

You could do it for a $1000 or less server easily. Also MS Proxy isn't a true firewall I believe, it's a proxy server.

>I need help, as it's me against the masses and I seem to be unable to win
>them over. The best I've managed is to keep them from making the final
>decision (only reason we don't have a firewall already). I'm also faced
>with them wanting to move ALL mail services to the Exchange server (right
>now only internal Exchange mail gets handled by it, and it routes all
>internet mail through the FreeBSD box. The Exchange server itself is
>blocked from the internet at the router) as well as move our website from
>FreeBSD/Apache to NT/IIS (UGH!).

You could point out that MS itself uses FreeBSD for Hotmail. Also Yahoo, cdrom.com, mp3.com and a lot of high traffic sites use FreeBSD with no ill effect. As for moving mail service.. mention how the Melissa virus was spread so easily due to MS-Exchange servers, that should make them think. Also what about the "if it ain't broke, don't fix it" philosophy?

>I wish there were more advocates on my side working here to back me up,
>but alas, we are small, and it's just me, and the boss is in bed with MS
>it seems. We have some networking techs who do stuff for customers, and
>they're against me because 1) MS software failures give them a daily
>source of billable hours, and 2) they resent the FreeBSD server because it
>makes them look bad, never crashing, while their NT servers need constant
>attention/reboots.

Well, telling the boss that it will be cheaper in administration costs could help. Do a breakdown of time spent administering each server and show him the cost analysis that way. Say it will be X dollars per month and maybe a breakdown of downtime? If the servers need daily attention then make a chart showing it.. like the commercials for Kinko's.. Suits love graphs and numbers.. if you could present hard numbers and pretty pictures that might help sway them..

HTH

--larry