[ale] VPN choices...

Christopher Fowler cfowler at outpostsentinel.com
Tue Mar 8 17:54:48 EST 2005


My question should draw a flame war.  When does an OSS solution like
Linux with IP Filtering trump hardware like the Cisco PIX?  ISS? 



On Tue, 2005-03-08 at 15:32, Jonathan Rickman wrote:
> On Tue, 08 Mar 2005 13:20:48 -0500, Jeff Hubbs <hbbs at comcast.net> wrote:
> > But is there not merit to using an all-Free-Software solution such that
> > no aspect of the solution is forcibly hidden from inquiry and
> > examination?  Or is a black-box "We say it's okay, trust us, you have
> > nothing to fear, no you may not examine it" solution preferable?
> 
> All things being equal, yes. The open source solution would be
> preferred. However, this is one area where things are often not
> equal...or even remotely so. I'm just offering friendly advice in an
> effort to help someone avoid getting themselves into the bad
> situations that the last folks who ignored my friendly advice found
> themselves in. I have designed and deployed OSS-based and commercial
> firewall/IDS/VPN solutions for quite some time now, and it is not
> uncommon to run into situations (even now) where the typical
> Intel/Linux solution is not appropriate. As a security consultant I
> question the logic of pushing a solution that is likely to leave the
> admin feeling like a fish out of water. A complex Linux solution that
> has better theoretical performance and security, but is totally
> misconfigured by a confused Windows admin is likely to end up being
> completely inferior to a solution that the admin is comfortable with.
> 
> --
> Jonathan