[ILUG] a few general linux questions

Paul Jakma paulj at itg.ie
Mon Dec 11 13:28:28 GMT 2000


On Mon, 11 Dec 2000 odonovan_peter1 at emc.com wrote:

>  -  Is its software packet filtering package, ipchains being used as a
> firewall by many companies or due to its limited security
>     or companies almost mandatorily forced to buy dedicated solutions like a
> Cisco's PIX
>

go read bugtraq, PIX has had a /lot/ of security issues lately.
ipchains is perfectly secure as is IOS filtering. (you either
configured things right or you didn't). However I think ipchains is
more manageable - as you can make chains of rules and attach them to
multiple other chains. so you can have a standard 'filter' chain and
attach that to all your incoming internet interfaces.  If you change a
rule on your standard 'filter' chain, that change then applies for all
your internet interfaces. IOS can't do this (AFAICT) and you have to
maintain separate lists per interface.

PIX is also a different beast to ipchains. ipchains does IP filtering
and no more. PIX does that and also understands protocols, and so can
filter inside the protocol. Eg: with ipchains you can put restrictions
on smtp access based on source/dest IP address. With PIX you can
filter at the level of SMTP commands.

Now if your system is already properly secure/configurable it could be
argued that there would be need for PIX-like protocol firewalls. (IE
PIX is a bit of a crutch).

>  -  What about as a router, mailserver, web server, dns server etc.etc.?
>

works here.

>  How widely used and for what purposes is Linux becoming the industry
> standard ??
>

we use it for nearly everything here, including extremely
business-critical services. My manager gave a talk on it at the recent
Linuxworld do in Dublin AFAIK.

> Does anyone have a concrete answer.
> Thanks in advance

--paulj
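
The shared-chain arrangement described in the message above, as an added example that is not part of the original post: one user-defined ipchains chain named 'filter' is built once and attached to the input path of each internet-facing interface. The interface names (ppp0, eth1), the mail host address 192.0.2.25, and the rules themselves are constructed for illustration.

```shell
#!/bin/sh
# Added example: one shared ipchains chain attached to several interfaces.
# Interface names, addresses and rules are constructed, not from the post.
# Dry run by default (commands are printed); set IPCHAINS=ipchains to apply.
IPCHAINS=${IPCHAINS:-echo ipchains}

# Build the shared chain once. Packets that match no rule here fall off
# the end of the chain and continue in the calling chain (input).
build_shared_chain() {
    chain=$1
    $IPCHAINS -N "$chain"
    # Deny and log packets from the internet claiming private sources.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        $IPCHAINS -A "$chain" -s "$net" -j DENY -l
    done
    # SMTP restricted by destination address only: ipchains sees IP
    # addresses and ports, not SMTP commands.
    $IPCHAINS -A "$chain" -p tcp -d 192.0.2.25 25 -j ACCEPT
    $IPCHAINS -A "$chain" -p tcp -d 0.0.0.0/0 25 -j DENY -l
}

# Attach the shared chain to the input path of every listed interface.
attach_chain() {
    chain=$1; shift
    for ifc in "$@"; do
        $IPCHAINS -A input -i "$ifc" -j "$chain"
    done
}

# Full ruleset: one chain definition, one jump rule per interface.
ruleset() {
    build_shared_chain filter
    attach_chain filter "$@"
}

ruleset ppp0 eth1
```

A later rule added to 'filter' takes effect on both interfaces, because each interface holds only a jump to the chain.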





