Date:      Thu, 1 Mar 2001 01:26:08 -0800
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        <bcohen@bpecreative.com>, "freebsd-questions" <freebsd-questions@FreeBSD.ORG>
Subject:   RE: FreeBSD Firewall vs. Black Ice
Message-ID:  <001001c0a231$a5e1a6a0$1401a8c0@tedm.placo.com>
In-Reply-To: <NNEMIHKLBKHCIJHJJFGPMEFEDMAA.bcohen@bpecreative.com>

>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Bob Cohen
>Sent: Friday, February 28, 2020 8:29 PM
>To: freebsd-questions
>Subject: FreeBSD Firewall vs. Black Ice
>
>
>Is the FreeBSD firewall more secure than using Black Ice?

YES, absolutely no question about it, and here is why:

Black Ice's code is not open - thus there's no peer-review.

FreeBSD's code IS open - thus peer review.  It's like asking
which set of scientific research studies is more reliable -
the set that was developed by one group that only publishes
results and not methodology, or the set that was developed by
a group that not only publishes results but the entire 
methodology, so that the study can be reviewed by the rest of the
scientific community.

HOWEVER - there's a catch, just like in everything else -
see below:

>This might seem like an apples and oranges question except I
>just got a cable modem, which is currently connected to a
>win2k box.  I've been using Black Ice's Network ice as a
>firewall but am not confident that it's working because I
>received some intrusions yesterday and now some files seem
>to be disappearing.  I already have a copy of FreeBSD
>installed on one of the computers in my office, which I
>intended to set up as a firewall/gateway.  Being far too
>busy, I opted for Black Ice as it seemed to provide a quick
>and easy solution.
>

There's nothing wrong with quick and easy in the hands of 
someone experienced with the product.  After all, if my job
was setting up security firewalls (it isn't) then I'd be
doing something wrong if setting up a firewall wasn't quick
and easy to do - for me, that is.

>As a result of those intrusions I'm feeling the need for as
>robust a barrier between my network and the internet as
>possible.  Will FreeBSD help me accomplish my goal?
>

If you are more experienced with FreeBSD than Black Ice, then
you can accomplish this.  However, if you are not experienced
with _either_ of them, then it's very unlikely that you will be
able to set up a robust security barrier with either of them
until you GET experienced.

Many people will say that a firewall set up by an inexperienced
person is worse than none at all, because it gives the inexperienced
person a secure feeling when no real security actually exists.

So, what the catch is, is that what really matters is which product
do you want to invest the time into?  If it's Black Ice and you invest
the time into it, you should be able to gain the experience needed
to make it and keep it secure.  If it's FreeBSD and you invest
the time into it, you should be able to gain the experience needed
to make it and keep it secure.

However, if you're not willing to invest the time into either, then
you should look at paying someone who has the experience to do this
for you.  One advantage of using FreeBSD is that the FreeBSD server
CAN be remotely administered.  You could, for example, set up your
FreeBSD system then get a FreeBSD consultant to ssh into your server
and set a really tight access list for you.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com

>Bob Cohen
>bcohen@bpecreative.com
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>
