On Mon, 17 Apr 2000, Graham Hemmings wrote:
> Linux is great as a firewall but only does packet filtering - correct me if
> I'm wrong - I'm sure someone will.
> The standard IOS that comes with Cisco routers can only do basic filtering
> (in terms of firewalls), I would recommend using the firewall IOS (the
> extra RAM would be useful) which has some stateful inspection features that
> are more secure.
The nice thing about using Linux as a firewall is you can add software as
you go. So if you feel the need to go beyond packet filtering, you can
start using tools like portsentry and snort. Not to mention have the
firewall email or page when there is a problem. The options are pretty
much limitless, where with Cisco you are pretty much stuck with what IOS
does or Cisco will sell you.
Personally, given some of the history with IOS, I'd rather use an open
source product (yes, I know IOS is completely secure and stable...until it
isn't).
$.02
Bill Carlson
------------
Systems Programmer [EMAIL PROTECTED] | Opinions are mine,
Virtual Hospital http://www.vh.org/ | not my employer's.
University of Iowa Hospitals and Clinics |
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
