From: Richard Scranton
Reply-To: scrantr@ix.netcom.com
Organization: Computer Associates, Global Professional Services
Date: Mon, 27 Sep 1999 23:04:13 -0400
To: "Scott I. Remick", freebsd-security@freebsd.org
Subject: Re: Help me win the MS-Proxy/ipfw war
Message-ID: <37F0302D.9300CB87@ix.netcom.com>
References: <4.2.1.4.19990927195047.00d813e0@mail.computeralt.com>

To quote Bill Clinton, "I feel your pain."

I work for Computer Associates Global Professional Services, and there is much of the same sentiment here. The M$ dreck is a very real source of revenue that no one wants to impair. Here, they've gone so far as to reorganize the various departments so that "Open Systems" includes Microsoft products. You can well imagine how long someone who knows better would choke on that one.

The way I've dealt with it up to now is to install the FreeBSD solution at several client sites as "an after-thought" to allow on-site developers safe and cheap access to the internet while they are working. At the conclusion of the project, the customer almost always asks that we "leave the FreeBSD proxy/firewall system in place."
That establishes the particular technology as "prior art" at a customer site. The customers are delighted, and my M$-blinded coworkers are treated to periodic tirades from me about "How is it we sell this stuff and have no clue how to use it ourselves?" whenever the latest batch of bad bits from Redmond falls over. Then follows the observation that "companies XXX and ZZZ have been using one of our firewall/proxy installations for months without trouble. What are *you* doing wrong?" :)

I'm very popular there. :) :)

"Scott I. Remick" wrote:
>
> Any advice to a small-time network admin for a small (32 employees) company
> that is stuck in the MS_WAY = ONLY_WAY mindset? We are overdue for a
> firewall but the PHB wants NT/MS-Proxy installed, while I'm arguing for
> FreeBSD/ipfw instead. We already have a FreeBSD server managing various
> tasks (and has done them VERY well, and doesn't crash), so this isn't
> totally new (ipfw is but I've got books on order and will be reading up).
>
> THEY (everyone but me) want MS Proxy because we're a MCSP and they want us
> to use what we're going to sell, so that we're familiar with it (the
> suggestion that we use FreeBSD/ipfw and sell that too seems to have fallen
> on deaf ears). Of course, the fact is that no one actually spends time on
> this stuff other than me anyway, even though it's set up with the intent
> that all techs can learn from what we have installed in-house. That
> argument, too, seems to not be working. Nor the vast difference in
> hardware requirements (what would you consider the recommended hardware for
> a FreeBSD firewall gateway to a 128K ISDN link?). Cost of the actual
> software is $0 in either event, as we get to use MS software for free due
> to our MCSP status.
>
> I need help, as it's me against the masses and I seem to be unable to win
> them over. The best I've managed is to keep them from making the final
> decision (only reason we don't have a firewall already).
> I'm also faced
> with them wanting to move ALL mail services to the Exchange server (right
> now only internal Exchange mail gets handled by it, and it routes all
> internet mail through the FreeBSD box. The Exchange server itself is
> blocked from the internet at the router) as well as move our website from
> FreeBSD/Apache to NT/IIS (UGH!).
>
> I wish there were more advocates on my side working here to back me up, but
> alas, we are small, and it's just me, and the boss is in bed with MS it
> seems. We have some networking techs who do stuff for customers, and
> they're against me because 1) MS software failures give them a daily source
> of billable hours, and 2) they resent the FreeBSD server because it makes
> them look bad, never crashing, while their NT servers need constant
> attention/reboots.
>
> Thanks in advance.
>
> -----------------------
> Scott I. Remick scott@computeralt.com
> Network and Information (802)388-7545 ext. 236
> Systems Manager FAX:(802)388-3697
> Computer Alternatives, Inc. http://www.computeralt.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
You can have it fast, good, and cheap. Pick any two.