What does Firewall/Plus do for logging ?
Serial cable, disk file, over the network ?
If I want to extend Firewall/Plus (which sounds like a cheap packet filter
in a box) to do proxy services, must I add more hardware to do that ?
What I see as being a difference between using a dedicated box and something
running Unix is the number of tools you have available to look at what is
happening, generate data from logs, etc.
For example, can you pull out tcpdump and run that to check up on some reports
of problems if you're using a Firewall/Plus box ?
Sure, if you have network sniffer h/w, you don't `need' this - maybe.
If Firewall/Plus just filters packets, how is it any different (besides name)
from a bridge or hub that does filtering ? Why do I want a DOS box when I
can get an off-the-shelf hardware solution that is made for networking ? The
DOS box is going to be bigger (monitor), etc.
If I've got something running Unix as a firewall, not only do I have a
firewall, but I've got something I can work with to investigate and solve
problems, which may be as annoying as a bad network card or simply adding
another SecurID user.
From what I've read (on firewalls) of Firewall/Plus, it doesn't interact
with the disk for (I presume) anything other than reading the config file:
I hope :) Purpose-built software packages are going to have limitations,
either that or you end up constructing a piece of software which has to do
it all anyway.
Maybe unix is big and risky and buggy, maybe you've tested (to exhaustion)
its IP routines, but I don't see that it gives me any significant advantages
compared to running unix with only console access, although it removes a lot
of very useful tools from my hands.
Perhaps a PC person isn't going to expect all those "missing tools", but then
they've been living with a Denial Of Service (DOS) attack for years :-)
darren