Linux is great as a firewall but only does packet filtering - correct me if
I'm wrong - I'm sure someone will.
The standard IOS that comes with Cisco routers can only do basic filtering
(in terms of firewalls), I would recommend using the firewall IOS (the
extra RAM would be useful) which has some stateful inspection features that
are more secure.
It is also a good idea to have two different firewalls (Linux & Cisco in your
case) so that if the first line is compromised then the second hopefully
cannot be compromised by the same method - being of a different brand.
Reams have been written on firewall design and general network security
design. If you are going to be responsible for the security of your Office
I would suggest you start reading up! I hope that doesn't sound rude, it
wasn't meant to be but keeping up to date on security can be a full-time job!
Good Luck
Graham....
At 10:48 13/04/00 -0700, you wrote:
>we are getting a cisco 2524 router and i have a question about the ios
>firewall software. if we are going to be using a linux box for the
>firewall, do we really need to buy the ios firewall software too? we
>usually have other companies supply the firewall when our clients get
>t1's or whatnot, but this one is going to be at the office, and im cisco
>stupid. its a 2524 modular router w/3 open slots with a fraction/full
>t1 DSU/CSU interface. it comes with 8mb of ram and i was also wondering
>if we should get an extra 8mb module or just leave it be? thanks for
>the help.
>--
>---------------------
>Steve Dixon
>Dpn, Incorporated
>System Administrator
>Phone - 702.873.3282
>Email - [EMAIL PROTECTED]
>---------------------