...if you really want a sophisticated firewall. Leading
edge stuff. Appliance-based and very, very powerful.
Not for kids with laptops. Scalable in a very significant way. I've worked with Checkpoint, Cisco, Juniper, and a few others. Stonesoft has passed these guys.
Otherwise, openbsd with pf. But, it's a PITA to configure, and you have to be careful or you'll open up holes you didn't intend to.
Or, any good gui-based ipfilter package like the ones mentioned here, if you just want something installed, up and running, and cheap, without needing a doctorate in networking.
In the end, remember that a firewall is only as good as its ruleset, and design your network around the principle of defense in depth.
Rules of thumb:
proxy all connections in and out, no direct connections from outside to internal LAN, run multiple DMZs, and use multiple firewalls for different assets.
Avoid using the same vendor for all of your security products, so if there's an exploit in the wild and a patch is forthcoming, your entire infrastructure isn't vulnerable, only a part.
Run a commercial IDS. Snort sucks (sorry, snort fans, I'm just not that impressed, having been forced to use it for several years now). But at least it's free, except for the hundreds of manhours you'll spend debugging and tuning.
Install access rules on your routers. Use port security. Avoid any Microsoft OS on your DMZ.
You get the picture...
Sounds like a voice of reason.
The mere fact that we think we can control the climate is the real root of the problem.
We can't control the weather; what makes us think we can control the climate?
We can't predict the weather; what makes us think we can predict the climate?
Playing god is a dicey thing at best.
Now, we can acknowledge that:
1) climate change is happening (it is),
2) we can come to a somewhat tenuous conclusion that CO2 has a, say, causal relationship (not absolute, but to a degree).
But:
3) to move from that to "knowing" the CO2 is to a high degree the cause,
4) to judging that this "cause" is a bad thing (change is always happening; therefore change is normal, not bad),
5) to judging that said change would be extreme enough to cause deaths (moreso than any other normal climatic change in the past 1,500 years),
6) and then even farther along to "knowing" we must immediately put in place an exceedingly expensive solution (understatement of the year)
This is not good science.
In fact, there are many benefits to global warming. There are much fewer benefits to global cooling. We should be happy that the former is happening rather than the latter.
The gun has been called the great equalizer. Why? Long story, and not needed here, but essentially it levelled the playing field.
Any idiot could now kill the greatest swordsman alive with one shot. Imagine: devoting your life to the study of swordplay, mastering that skill, and now, you're in a fight with an old out of shape, unskilled, uncoordinated idiot with a hand-cannon. Ack!
Or, imagine being the intellectual, uncoordinated, 110 lbs. wet good-guy with a sword you can barely lift, not to mention swing hard, confronting the two-handed sword-wielding, 220 lb. all-muscle bad-guy. Think Conan gone bad.
Now give yourself a shotgun...
There's a nice symbolism here also: our constitution levelled the playing field among the classes; any person fresh off a boat could accomplish almost anything, and often did.
Jud.
BSD is great, but it's just not going to make inroads into the server market without SMP. It's fine for us amateurs with racks at home and 384k upload at best, but for businesses that really need to crank it up, OpenBSD falls short.
What's great about Open over Free (and most Linux distros) is simply that one can go from zero to installed, up and running in no time flat. The need to secure the OS is minimal (though as another said, why portmap and why inetd?), which also greatly reduces time to production. And no worries about all of those "extra" packages that one doesn't want installed that get installed whether you like it or not, and then having to find a way to yank them out.
That said, yes, I pre-ordered my CDs.
Jud.