Slashdot Mirror


Should You Fire Your Firewall?

Gsurface writes "A lengthy article over at Flexbeta.net focuses on firewall applications and how well they perform as far as securing your system. Four typical firewall applications were tested including two routers, one being the Cisco 831 SOHO, which performed rather well. In total, nine security tests were conducted to measure how well each firewall performed."

6 of 50 comments

  1. Crap by Old+Uncle+Bill · · Score: 4, Insightful

    Any review of security/firewalls using Gibson's crappy analysis tools is beyond flawed. I would take all of this review with a grain or two of salt.

    --
    Yes, I am an agent of Satan, but my duties are largely ceremonial.
  2. Re:I don't appreciate the hardware very much... by nocomment · · Score: 4, Insightful

    Same here. Most of my company firewalls are running OpenBSD with PF. There's 1 Linux box that is getting replaced very soon. Typical setup is 4 or 5 NICs, multiple NATs, yadda yadda. Plus, now that OpenBSD is going to have CARP in 3.5, you will have an auto-failover with a maintained state to another machine. This, plus transparent squid caching, allows us to have about 100 users per T-1 with no complaints.

    --
    /* oops I accidentally made a comment, sorry */
    /* http://allyourbasearebelongto.us */
  3. Re:The Shields Up! Test by boneshintai · · Score: 2, Insightful

    (For reference port 113 is the 'ident' identification protocol. Anyone using this for serious authentication should be shot.)

  4. Re:I don't appreciate the hardware very much... by nocomment · · Score: 2, Insightful

    Actually most home cable/DSL routers run a small embedded Linux distro

    Linux isn't bad because the OS can't handle the job, but rather because they just don't have the really wide backplane like the Ciscos have. If you were able to get a Linux box with a backplane like what Cisco uses, Linux would be just as effective, albeit perhaps not as robust as IOS.

    --
    /* oops I accidentally made a comment, sorry */
    /* http://allyourbasearebelongto.us */
  5. Re:The Shields Up! Test by Micro$will · · Score: 3, Insightful

    Don't a large number of ISPs have upstream firewalls anyway? I'm on Comcast, and I'm pretty sure that there is a firewall upstream.

    A lot of ISPs block certain ports, but which ones? Where are they blocked? Are they blocked all the time, or only during peak hours? You may be safe from a Shields Up scan, but are you safe from the 3|337 hax0r down the street?

    Trusting my ISP to keep my computer secure is like trusting public transportation to be on time. If I *must* be somewhere at a certain time, I'd rather leave a little early or drive just in case.

  6. YRO? by winsk · · Score: 5, Insightful

    Does this really belong in the Your Rights Online section?