Date: Thu, 24 Apr 1997 13:06:21 -0400 From: Mike Tancsa <mike@sentex.net> To: Jim Shankland <jas@flyingfox.com>, freebsd-isp@freebsd.org, security@freebsd.org Subject: Re: Commercial vs built in firewall capabilities of FreeBSD Message-ID: <3.0.1.32.19970424130621.00b82320@sentex.net> In-Reply-To: <199704241628.JAA08107@biggusdiskus.flyingfox.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 09:28 AM 4/24/97 -0700, Jim Shankland wrote: >Part of what you're buying in a commercial firewall is expertise: >packaged implicitly in the product, ongoing support services, and >in some cases, bundled consulting services with firewall setup. > >Yes, you can roll a pretty good firewall with FreeBSD, socksv5, >ssh, etc. It just takes some expertise and time. Whether you're >better off spending that (assuming you have it), or spending the >money for a commercial product, is purely a business decision. Thanks for the response. Yes, this is the way my boss and I have looked at it. We decided to investigate the project as much as possible ourselves, because we see this as a potentially new market for us to get into... i.e. low cost security solutions to our customers. For example, we have several non-profit organizations who would like to have some firewalling solutions, but do not have a great deal of money to spend.. So far, FreeBSD+ SKIP to do VPN seems like an enticing solution for *some* situations... We have setup many FreeBSD boxes and can do it quite quickly from scratch now, so the skill set is already there... To go to a new dedicated customer and say "look, we can give you a unit that will act as your gateway, provide decent security for your LAN for basically the cost of the hardware, plus our consulting fee, or you can go with one of these commercial products for $XXX, and will provide you with YYY features that the other solution wont give you", gives us that much more flexibility... I guess what I am really after in asking these questions is a response like "FreeBSD + its security software ? No way! You cant protect against XXXXX attacks... Its crucial!" But so far, I havent seen any show stoppers... One thing I have found somewhat suprising in this research project is the reaction to Microsoft's PPTP RFC, or to be more precise, the lack of reaction to it. I did a search through Dejanews (for those of you who havent tried it, check out http://www.dejanews.com), and found absolutely no mention of in in the FreeBSD mailing lists, or in the newsgroups, and hardly any mention of it even in comp.unix*... Is it because its a Microsoft initiative ? ---Mike ********************************************************************** Mike Tancsa (mike@sentex.net) * To do is to be -- Nietzsche Sentex Communications Corp, * To be is to do -- Sartre Cambridge, Ontario * Do be do be do -- Sinatra (http://www.sentex.net/~mdtancsa) *
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.1.32.19970424130621.00b82320>