I use pktfilter and good well configured software too secure Windows systems from 2000 and newer. See http://www.hsc.fr/ressources/outils/pktfilter/inde x.html.en
For Linux I use Iptables and good well configured software to secure the system.
And top of that if necessary I use gwateways to segment net and filter trafic, either per trafic type with source, destination, time (most are fine) and sometimes I use application proxies.
However I do not like firewalls at all, these are just needed since we can't properly configure our software with poor quality. Same arguments applies for ant-virus.
The thing with firewalls is not to block trafic securely, it is to pass trafic securely. And therefore we still need better configured software with better quality. 1000's of Cisco Pix firewall in a chain still can't secure a loousy public web server.
Joakim Nordberg
Slashdot Mirror
I use pktfilter and good well configured software too secure Windows systems from 2000 and newer. See http://www.hsc.fr/ressources/outils/pktfilter/inde x.html.en
For Linux I use Iptables and good well configured software to secure the system.
And top of that if necessary I use gwateways to segment net and filter trafic, either per trafic type with source, destination, time (most are fine) and sometimes I use application proxies.
However I do not like firewalls at all, these are just needed since we can't properly configure our software with poor quality. Same arguments applies for ant-virus.
The thing with firewalls is not to block trafic securely, it is to pass trafic securely. And therefore we still need better configured software with better quality. 1000's of Cisco Pix firewall in a chain still can't secure a loousy public web server.
Joakim Nordberg
we wouldnt get these so easy to read EULA's