On Mon, 21 Jul 2003, Ed Wilts wrote: > I also don't like the idea of having critical services on a firewall > system. One system is breached, and the attacker is in. With my > config, the attacker has to breach 2 separate systems to get anywhere. > Yes, I could have a separate Linux system, and I've run that config too. > It's yet another system to manage and keep up to date with security > patches, maintain backups, etc. and a full system takes more heat and > power. My Linksys firewall could die and be replaced with a quick trip > to one of the local computer stores. If the Linux system fails, it > could potentially be a lot more work (no mirroring on this system, for > example). The Linksys also really wins for those Linux admins who don't > take security seriously, and that's unfortunately more people that we > want to admit to. It's more work to admin a Linux system that it is to > admin a Linksys system. Does the Linksys firewall do connection tracking?? If not you are not only spending additional money but you are getting a less capable and IMO less secure firewall for more $$. If it does conn tracking then I could see where it would make more sense in some conditions. Since I do not won one I do not know the answer. --- ............Tom -- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
