[TriLUG] Firewalls

Cristobal Palmer cristobalpalmer at gmail.com
Mon Jul 10 17:50:46 EDT 2006


You can do OpenVPN on OpenBSD [1]. You can also do stateful filtering
with pf. If he really wants you to switch, he needs better arguments.
Update to obsd 3.9 and go on with life.

-CMP

[1] http://undeadly.org/cgi?action=article&sid=20050727020729

On 7/10/06, Lee Fickenscher <elfick at mac.com> wrote:
> I just received an "audit" report that I'm supposed to discuss at a
> meeting tomorrow. Part of that report covers my firewall. The current
> firewall is OpenBSD 3.5 (yes, a bit out of date). My question regards
> the wording of the report. It talks about "generations" of firewalls
> (first gen, second gen...). I've never heard of the term generations
> used to discuss firewalls. Has anyone heard of this term used with
> firewalls?
>
> While the auditor might have been generally competent, and certainly
> was more knowledgeable about Windows than I am, I don't feel that he
> is really up on security. He recommends replacing my box with a
> Sonicwall unit, which, if I understand correctly, is just a dedicated
> Linux box. I don't see how that gains me much more than a pretty
> interface. His company is most likely a Sonicwall reseller, but I
> don't think he is even aware what the Sonicwall runs under the covers.
>
> Pertinent text follows verbatim:
>
> "Your current Firewall is a PC running a version of OpenBSD (Unix).
> This solution is a Firewall but it has only the most basic Firewall
> capabilities of NAT and port blocking. This type of Firewall was
> current technology found several years ago in first generation
> Firewalls. Current Firewall technology is its Fourth generation and
> includes such features as Antivirus, Anti-Spyware, Content Filtering,
> and Intrusion Prevention. The idea is that the more stuff you block
> at the perimeter the better your whole network will perform. The
> Sonicwall solution we are proposing also has the ability to do both
> software and hardware VPN if at a future date you wish to implement
> secure Internet connections from remote sites."
>
> Any input is appreciated (preferably constructive) particularly from
> any of the security experts out there.
>
> Thanks,
> Lee
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>


-- 
Cristobal M. Palmer
UNC-CH SILS Student
TriLUG Vice Chair
cristobalpalmer at gmail.com
cmpalmer at ils.unc.edu
ils.unc.edu/~cmpalmer
"Television-free since 2003"

<tarheelcoxn> iank has trouble with English. his native language is Python
<iank> Yeah
<iank>   I'm forced
<iank>     To indent
<iank>   My sentences


