Date: Tue, 28 Sep 1999 11:05:36 +1000 (EST) From: Nicholas Brawn <ncb@zip.com.au> To: "Scott I. Remick" <scott@computeralt.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Help me win the MS-Proxy/ipfw war Message-ID: <Pine.LNX.4.10.9909281045040.4893-100000@zipperii.zip.com.au> In-Reply-To: <4.2.1.4.19990927195047.00d813e0@mail.computeralt.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 27 Sep 1999, Scott I. Remick wrote: > Any advice to a small-time network admin for a small (32 employees) company > that is stuck in the MS_WAY = ONLY_WAY mindset? We are overdue for a > firewall but the PHB wants NT/MS-Proxy installed, while I'm arguing for > FreeBSD/ipfw instead. We already have a FreeBSD server managing various > tasks (and has done them VERY well, and doesn't crash), so this isn't > totally new (ipfw is but I've got books on order and will be reading up). > I recently migrated one network from using a permanent ppp connection with a wintel machine running wingate to a freebsd system running a combination of tis fwtk and ipfw. As I can assure you, the performance and reliability of the connection, not to mention the security, is quite impressive (comparitively speaking). In terms of whether such a setup will suit your environment, you really need to outline what it is your system will need to be able to do. This will help you identify what you will need to provide that functionality The reality is that whatever solution you go for, will end up sitting in the corner being maintained on a fairly infrequent basis - so long as it does its job. The argument that "we sell it therefore we must use it" is a valid one. But you don't "tinker" or "practice" on a production machine running as a gateway. If they sincerely want to get MS Proxy in use internally, then give them a development box to play with. My $0.02. Cheers, Nick -- Email: ncb@zip.com.au (or) nicholas.brawn@hushmail.com Key fingerprint = 71C5 2EA8 903B 0BC4 8EEE 9122 7349 EADC 49C1 424E To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.10.9909281045040.4893-100000>