Dear all,
I mentioned a little while ago, that management here is looking quite
keenly at commercial firewall products, although this isn't quite a given
as yet, and I'm still somewhat at a loss, as to which one to go for, if
this is what happens. One thing occured to me, was that there are a
couple of standardish Sun tools which might help us. Shield is one, and
ASET (I think) is the other. I believe ASET can be configured to act
as a firewall - has anyone any experience of this ? Also, is it a standard
Solaris tool, which I've failed to discover yet, or is it an additional
bolt on (and pay extra for) tool ?
Does anyone use Shield on their firewall setups to enhance logging/accounting
etc ?
Anyone got any comments wrt SOCKS or fwtk as far as their crackability
goes? I'm sure they're pretty well written etc. but I've no way of knowing
*how* (no offence to the authors of course) well written - I can't honestly
say to management - don't fret, it's all secure etc. I'm asking these given
that I've set them up correctly of course. Have there been any security
issues raised with these ?
Furthermore .. we're considering just granting email access for now, to the
desktop. My understanding is that smap running with sendmail and chrooted is
pretty secure. If sendmail is chrooted, and assuming the lack of things
like mknod etc within the scope of this chroot, is it possible to get out of
a chrooted environment ? Or is it impossible *by definition* ??
Thanks all,
Danny
|
|
