Cover V05, I06

Sidebar: A Freeware Firewall?

Some gurus say you should not use a public domain or freeware product in a mission-critical role such as a firewall. In most cases, I agree with them; however, Linux is an exception. First, the support via the Internet is in most cases quicker, better, and more accurate than commercially funded support. And, if you dare to invest some time, you will quickly become very good at supporting Linux yourself. Second, Linux supports a vast set of hardware peripherals, and new ones are added every day. So, chances are very good that it will support the hardware you use for the firewall. Third, Linux has a very large audience. Estimates I've seen say there are more than 10 million Linux users worldwide. With this many "software testers," bugs are identified and corrected very quickly. Moreover, instead of waiting for a vendor to send you the patch, you can retrieve it via the Internet immediately. Linux also has very good network support. In the later version, 1.3.x, the networking code is both faster and more reliable. This improvement is especially noticeable in the firewalling and masquerading code.

An added benefit is that the Linux code comes as source and is free. So, the code is available for inspection, and you may add your own improvements if that special need arises.

Even if Linux weren't so widely used and so well supported, I would still be inclined to build my own firewall instead of buying a prefabricated one. An advantage of a "home grown" solution is that you can tailor it completely to the demands of your company. No two networks are alike, and therefore no two firewalls are alike. Prefab firewalls aren't always as flexible as a firewall based on a general-purpose kernel. Furthermore, building your own firewall forces you to become familiar with the critical components. You know where the pitfalls are, and you know how to circumvent them. This might sound unimportant, but the main reason firewalls are not as safe as they should be lies in human failure. If you aren't familiar with the software involved, you can easily configure it incorrectly and, thus, leave the backdoor wide open.