Absolutely. A PC running one of the free Un*xes and screend, or
whatever custom kernel hacks you like, is a very viable alternative to a
packet-filtering router -- for relatively low-speed applications. If all
you're doing is filtering a single 56K line, and you're on a budget, it's a
good solution.

What a router buys you, for your extra money, is more performance and
(at least from some vendors) a more integrated solution. With a PC plus
screend, you're pretty much in a roll-your-own situation, in terms of the
additional support that should surround your packet screen. Odds are, you'll
be able to borrow some stuff from others who have rolled their own, but
you're still going to be cobbling something together.

For many sites, a relatively low performance solution, with cobbled
together support, is fine. On the other hand, if you need to do filtering on
larger amounts of data, if you have security needs large enough to give you a
meaningful budget, and you have a written security policy that you need to
implement, that will change over time, if it is necessary to have an
auditable configuration so you can prove to your boss's boss's boss that you
are, in fact, implementing the security policy detailed in Internal Corporate
Practices Document Xj-97.33.B, then you probably want to start with a
router.

Andrew