[plug] Firewall Boxed Solutions

Jason Nicholls jason at mindsocket.com.au
Fri Aug 18 12:00:56 WST 2000


G'day list,

On Fri, Aug 18, 2000 at 11:50:28AM +0800, Anthony J. Breeds-Taurima wrote:
> On Fri, 18 Aug 2000, Earnshaw, Mike wrote:
> > We have an urgent need for a Linux based firewall solution to connect
> > three corporate networks. It was recommended that we use commercial
> > products due to time for preparation / install being at a premium. I
> > vaguely remember an article somewhere for a Linux flavour that had
> > Firewall, Wed Server etc. You bought the flavour and voila ....
> > 
> > Just looking for some feedback or pointers from more experienced
> > persons. We can not afford the "big" solutions like Firewall-1 or Cisco
> > boxes.
> 
> WatchGuard (http://www.watchguard.com/) are firewall boxes that run Linux 
> (in fact they paid rusty ,ipchains mainterner, to hack on the kernel for 
> quite some time)  I don't know about costs BUT they maybe worth looking into.

The WatchGuard fireboxes are real expensive, you're looking in the $4k+ range -
but they are coloured red (that means they go fasta) ;)

It's not like the WatchGuards running linux means that you can use it like a
normal linux box, they are tailored (ie: haXoR3d) to the task of firewalling
and VPN. The interface is via a web browser or win/unix client (i thinks).

Don't quote me on this, it's been a while.

> If you prefer a more DIY solution then any linux box should do the trick.

You can grab some hardening scripts from somewhere. I believe Bastille
Linux do this for RedHat distributions. (www.bastille-linux.org)

quoting from the linux-focus mailing list:

Suse 6.4 comes with hardSuSE, which is thier version of bastille, and it
also comes with kernel security modules, argus, arpwatch, saint, nmap,
nessus, portlogd, tripwire, scslog (kernel level socket tracing), pgp,
and vpass (verify passwords with cracklib), and don't i think the us
distro comes with ssh, but don't quote me on that i'm not real sure if i
had it downloaded or installed it off the cd.  with all of these tools
and a little knowledge there is no reason why any suse box is left
unsecure (lazyness)



Later,

Jason Nicholls
--------------------------------------------------------------------
Jason Nicholls    icq: 11745841    email: <jason at mindsocket.com.au>
Proprietor                        mobile: 0417 410 811
Mind Socket [web services]          http://www.mindsocket.com.au/
--------------------------------------------------------------------



More information about the plug mailing list