Digest.
- From: R E Wolff BitWizard nl (Rogier Wolff)
- To: linux-security redhat com
- Subject: Digest.
- Date: Thu, 29 Oct 1998 08:42:26 +0100 (MET)
Hi,
There have been a bunch of useful submissions for the compare /contrast
thread.
To reduce the load on your mailbox, they are gathered here in one go...
Roger.
Date: Wed, 28 Oct 1998 15:11:37 +0000
From: "David L. Sifry" <dsifry linuxcare com>
To: "Matthew S. Crocker" <matthew crocker com>
CC: Rob Bringman <rob trion com>, linux-security redhat com
Subject: [linux-security] Re: compare / contrast of linux fw and others
For an extra module, Firewall-1 does VPN. Linux also has various VPN
options. Check out VPS <http://www.strongcrypto.com/> for one, CIPE
and IP Tunnel (ipip.o) are others off the top of my head.
Dave
--
Dave Sifry, Chief Technical Officer
LinuxCare, Inc.
415 831-9507 tel, 415 831-9763 fax
dsifry linuxcare com, http://www.linuxcare.com/
LinuxCare, The Leader in Linux Support
From: "Danyell Wilt" <danyell ctelcom net>
To: "Matthew S. Crocker" <matthew crocker com>
Cc: <linux-security redhat com>
Subject: [linux-security] Re: compare / contrast of linux fw and others
Date: Wed, 28 Oct 1998 09:17:45 -0600
>Can you do VPN with your linux solution? I love linux and have set up
>several linux firewalls. I have only played with firewall-1 for a bit and
>the GUI is the only thing I can think of which makes it a better
>'corporate' solution.
You can use ssh to make a VPN using Linux, pppd, and pty-redir. The
HOWTO was written by Arpad Magosanyi and is available at
http://www.cdrom.com/pub/linux/slackware/docs/mini/VPN
The VPN more or less sets up ppp between two Linux machines, and
encrypts all traffic using secure shell encryption.
Date: Wed, 28 Oct 1998 11:10:28 -0500 (EST)
From: "Peter H. Lemieux" <phl cyways com>
To: "Matthew S. Crocker" <matthew crocker com>
cc: Rob Bringman <rob trion com>, linux-security redhat com
Subject: [linux-security] Re: compare / contrast of linux fw and others
On Wed, 28 Oct 1998, Matthew S. Crocker wrote:
> Can you do VPN with your linux solution? I love linux and have set up
> several linux firewalls.
Check out http://sites.inka.de/sites/bigred/devel/cipe.html for a VPN
implementation for Linux. Installs as a kernel module plus daemon. By
default it uses 128-bit Blowfish, but can be configured to use other
encryption methods. Right now it uses a static key, but Olaf Titz, the
developer, has said he's looking to implement public-key solutions down the
road. His first priority at the moment is to make it all run with 2.1.x
kernels.
I now use it routinely to communicate with my remote servers. Makes it
look like the server resides on my private IP network which is behind my
Linux office firewall.
Peter
-----
Peter H. Lemieux Voice: (800) 5-CYWAYS
CYWAYS, Incorporated (+1 617 796 8995)
19 Westchester Road Fax: (617) 796-8997
Newton, Massachusetts 02458-2519 USA Web: http://www.cyways.com
To: linux-security redhat com
Subject: [linux-security] Re: compare / contrast of linux fw and others
Reply-To: oboyle csociety purdue edu
Date: Wed, 28 Oct 1998 10:23:00 -0600
From: "Todd O'Boyle" <oboyle csociety purdue edu>
> Doesn't Firewall-1 do VPN? Virus scanning (optional), HTTP scanning
> (virus/content optional) QoS.
HTTP content and Virus scanning comes with FW-1, but Checkpoint's VPN
software is a different product. They do seem to integrate seamlessly,
though.
> Can you do VPN with your linux solution? I love linux and have set up
> several linux firewalls. I have only played with firewall-1 for a bit and
> the GUI is the only thing I can think of which makes it a better
> 'corporate' solution.
One can build VPNs using SSH. There is a bit of information here, but
a web search would probably do you better:
http://csociety.ecn.purdue.edu/~sigos/projects/ssh/forwarding/index.html#VPN
It's based on running PPP over the encrypted SSH link.
The virus and HTTP scanning, if it isn't implemented already, would
probably be a fun project if we can find an algorithm to do such a thing.
Also, I have come across a WWW based rule-generator for IPFW. You can find it
at ftp://coast.cs.purdue.edu/pub/tools/unix/fwconfig/. This may be something
that may be a plus to sell IPFW to your boss.
cheers,
-Todd
To: linux-security redhat com
Subject: [linux-security] Re: compare / contrast of linux fw and others
Date: Wed, 28 Oct 1998 17:27:07 -0500
From: "Brandon S. Allbery KF8NH" <allbery kf8nh apk net>
In message <Pine LNX 3 95 981028080106 17173A-100000 rmc1 crocker com>,
"Matthew S. Crocker" writes:
+-----
| > I am the Firewall-1 administrator where I work and it has a very nice
| > GUI tool for defining objects (can be hosts, networks, DNS domains,
| > groups of hosts, etc.) and a straightforward way of building a
| > rulebase.
|
| Doesn't Firewall-1 do VPN? Virus scanning (optional), HTTP scanning
| (virus/content optional) QoS.
+--->8
You could probably come up with modules to do these kinds of things in
connection with ipchains, but technically Linux's solution is a packet
filter, not a firewall. That's only one part of the equation --- products
like FireWall-1 also provide other parts such as proxy servers.
--
brandon s. allbery [os/2][linux][solaris][japh] allbery kf8nh apk net
system administrator [WAY too many hats] allbery ece cmu edu
electrical and computer engineering KF8NH
carnegie mellon university
From: "Carric Dooley" <carric com2usa com>
To: "'Matthew S. Crocker'" <matthew crocker com>,
"'Rob Bringman'" <rob trion com>
Cc: <linux-security redhat com>
Subject: Re: [Linux-security] Re: compare / contrast of Linux FW and others
Date: Wed, 28 Oct 1998 20:04:41 -0500
Firewall 1 will do FW to FW encrypted tunneling and you can download the
free "SecuRemote" client for VPN. The only VPN solution I have heard of for
Linux would be SSH. I was talking to the FSecure Rep and he said you can
run everything through SSH (mail, ftp, http, etc.). If you fire up an SSHd
on your Linux box, then use FSecure client on a windows box (and he said he
was sure it could be done with Linux, though he didn't know how -- I would
love to play with it). Now rootshell did get hacked through ssh today, so
maybe this requires more evaluation...
The other solution I have seen is to use SSH on two Linux boxes, then set up
tunneling between them as secure gateways between two networks.
Date: Thu, 29 Oct 1998 11:44:41 +0800
To: linux-security redhat com
From: Chan Kar Heng <khchan cyberdude com>
Subject: [linux-security] Re: compare / contrast of linux fw and others
At 08:05 AM 10/28/98 -0500, you wrote:
how about reporting? anything useful to please
the eyes of the management people?
>> I am the Firewall-1 administrator where I work and it has a very nice
>> GUI tool for defining objects (can be hosts, networks, DNS
<snipped>
http://home.backroom.net/~bozo
--
| Most people would die sooner than think.... | R E Wolff BitWizard nl
| in fact, most do. -- Bertrand Russell | phone: +31-15-2137555
We write Linux device drivers for any device you may have! fax: ..-2138217