From owner-freebsd-isp Tue May 26 12:53:00 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA07046 for freebsd-isp-outgoing; Tue, 26 May 1998 12:53:00 -0700 (PDT) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from elvis.mu.org (elvis.mu.org [206.156.231.253]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA07026 for ; Tue, 26 May 1998 12:52:52 -0700 (PDT) (envelope-from josh@frantastic.com) Received: from localhost (josh@localhost) by elvis.mu.org (8.8.8/8.8.8) with SMTP id OAA05563 for ; Tue, 26 May 1998 14:52:53 -0500 (CDT) (envelope-from josh@frantastic.com) Date: Tue, 26 May 1998 14:52:53 -0500 (CDT) From: Josh X-Sender: josh@elvis.mu.org To: isp@FreeBSD.ORG Subject: Re: Firewall software In-Reply-To: <356AF394.C1AF1DC3@createtech.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 26 May 1998, Kim Shrier wrote: > Firewall-1 only runs on NT > and uses "statefull inspection" as its method of providing protection. > This is considered to be less secure than proxies. Since maintaining > anything on NT is a pain, I usually avoid NT if at all possible. Actually, firewall-1 will run on NT, HP-UX, AIX, Solaris and SunOS. The firewall client that is used to maintain firewall-1 can be run from windows95/nt or an a motif application under xwindows, regardless of which type of platform the engine runs on. It is true that stateful inspection does not offer the same protection that a proxing system might for a particular protocol, but it does provide protection independent of application level protocol (ie it's modular). It's also very common to combine firewall-1 with some type of a proxy server to provide greater protection. josh franta mailto:josh@frantastic.com http://frantastic.com/josh/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message