> > I would also like to know if any shareware firewalls are as effective
> > at keeping the bad guys out as commercial products. Given that the
> > in-house talent can install it properly.
> YES. If you have a month or two full-time of an already-talented sysadmin's
> time, you can install the TIS firewall toolkit and do about as good a job as
> the commercial guys.

A month or two? Surely you jest?

We went from a wide-open network to a dual-homed bastion with the TIS fwtk
and SOCKS over a weekend, with about a week of prep work by a summer intern,
and maybe 20 hours of senior engineering time (we were without a sysadmin at
the time). This included DNS/NIS and mail exchanger reconfig and debugging.
The keys were careful planning, using an OS (SunOS 4.1.3) that we are already
familiar with, having good support from our access provider (PSI), and having
tested and debugged the SW on a dummy pair of LANs in the lab before the real
installation. Most of our trouble came from outside the network, getting our
firewall DNS server recognized as authoritative and getting old MX records in
our access provider's hosts expired.