No subject

Tue Jun 4 12:17:20 MDT 2013

secure. If you don't belive me, look at the average bugfix time
for Linux kernel security bugs and for kernel security bugs on firewalls.

> If you aren't running a "real" firewall (and we could debate ad 
> infinitum how real Linksys is) then you are probably exposed. 
> Period.  We recommend an external appliance, maybe the Linksys fits 
> your requirements, maybe Watchguard or Sonicwall does.

>> [...]
> You could go for another 15 minutes and people will still think that 
> their Linux box is a great firewall and how could they possibly be a 
> victim.

This really depends on who set up the box. Chances are high that
whoever sets up a private security gateway isn't as experienced 
as someone who works for watchguard etc. 

> *None* of our customers running a commercial firewall have been 
> hacked.  Plenty of Linux customers have.

Hmmm, that doesn't prove anything. In my experience the people
who are willing to spend a lot of money on a 'real' firewall
have a reason for doing so. Therefore their whole attitude towards
security is different. Comparing the final result (been hacked vs.
not hacked) and claiming the difference on the teeny piece of hard-
ware inbetween the external and the internal net is a gros over-
simplification. A firewall is an important part of an overall 
security concept, but only a complex system of hardware, software,
constant monitoring and training of everone working with the net
will make a site secure. Most incidents i have heard of recently
where caused by malicious code executed on a client from within
the private net--something even the best firewall can't stop.


More information about the LUG mailing list