Linux Netfilter discussions
* iptables vs cisco pix
@ 2002-10-02 16:36 Mike Hull
  2002-10-03  1:16 ` Rick Deckard
  2002-10-07 20:41 ` Ryan Hoegg
  0 siblings, 2 replies; 3+ messages in thread
From: Mike Hull @ 2002-10-02 16:36 UTC (permalink / raw)
  To: netfilter

Does anyone know where I could find a comparison of linux+iptables vs
cisco pix?  I'm trying to convince a couple health care organizations to
get linux boxes rather than cisco pix solutions.  These people are stuck
on cisco.  Everything they have is overpriced cisco garbage.  Personally,
I have compared them, and I have had to replace cisco equipment with an
iptables firewall.  I don't think they're just going to take my word for
it though.

Thanks,
Mike






* RE: iptables vs cisco pix
  2002-10-02 16:36 iptables vs cisco pix Mike Hull
@ 2002-10-03  1:16 ` Rick Deckard
  2002-10-07 20:41 ` Ryan Hoegg
  1 sibling, 0 replies; 3+ messages in thread
From: Rick Deckard @ 2002-10-03  1:16 UTC (permalink / raw)
  To: highway, netfilter

I agree with you. However you have to consider the political issues. If
there is any kind of security breach, management and auditors may want to
know what type of hardware was used.

If you go with your Pix or Checkpoint implementation you cover your rear end
if anything goes wrong.

I've been using Linux since 98 and it's slowly creeping into the enterprise.
I'm a consultant, and I've had the opportunity to move around a bit. Linux
is doing well in the server market.

I doubt you'll get management to buy into a Linux solution unless you
provide examples of other users. Do you have a vendor contract with Redhat
or Caldera? It might make it easier.

Try SE-Linux. Management might go with a firewall implementation backed by
the NSA.

-Clarke-






* Re: iptables vs cisco pix
  2002-10-02 16:36 iptables vs cisco pix Mike Hull
  2002-10-03  1:16 ` Rick Deckard
@ 2002-10-07 20:41 ` Ryan Hoegg
  1 sibling, 0 replies; 3+ messages in thread
From: Ryan Hoegg @ 2002-10-07 20:41 UTC (permalink / raw)
  To: netfilter

This topic has come up before.  You need to specify your security 
requirements by building an enterprise security policy before you can 
choose your tools to implement that policy.  PIX and other commercial 
firewalls give you a lot more than packet filtering and NAT.  VPNs, log 
analyzers, clustering, and intrusion detection are some of the features 
you will not see in vanilla linux + iptables.  If your policy needs 
these features, you can give your clients a proposal for your time to 
install, configure, and document a custom linux based solution and 
compare that with the purchase, installation, and configuration of a PIX.

You may find that a Watchguard Firebox is your best bet, especially 
since it runs linux and iptables under the hood.

--
Ryan Hoegg
ISIS Networks

Mike Hull wrote:

>Does anyone know where I could find a comparison of linux+iptables vs
>cisco pix?  I'm trying to convince a couple health care organizations to
>get linux boxes rather than cisco pix solutions.  These people are stuck
>on cisco.  Everything they have is overpriced cisco garbage.  Personally,
>I have compared them, and I have had to replace cisco equipment with an
>iptables firewall.  I don't think they're just going to take my word for
>it though.
>
>Thanks,
>Mike
>


