[60594] in North American Network Operators' Group
RE: Microsoft to ship new versions with firewall enabled
daemon@ATHENA.MIT.EDU (Scott McGrath)
Thu Aug 14 13:10:59 2003
Date: Thu, 14 Aug 2003 13:07:07 -0400 (EDT)
From: Scott McGrath <mcgrath@fas.harvard.edu>
To: Drew Weaver <drew.weaver@thenap.com>
Cc: "'Greg Maxwell'" <gmaxwell@martin.fl.us>,
"'Eric A. Hall'" <ehall@ehsco.com>,
"'Sean Donelan'" <sean@donelan.com>,
"'nanog@merit.edu'" <nanog@merit.edu>
In-Reply-To: <75634F04BFCFD511BF69009027DC86495C634D@mailman.thenap.com>
Errors-To: owner-nanog-outgoing@merit.edu
The checkpoint and Pix Boxen are what we use here. But we also use
ipchains to secure things at a host level.
Scott C. McGrath
On Thu, 14 Aug 2003, Drew Weaver wrote:
>
>
> ipchains and similar firewalls are indeed far superior. I manage "real"
> firewalls as part of my responsibilities.
>
> However the new microsoft policy will help protect the network from Joe
> and Jane average who buy a PC from the closest "big box" store and hook it
> up to their cable modem so they can exchange pictures of the kids with the
> grandparents in Fla. This is the class of users who botnet builders dream
> about because these people do not see a computer as a complex system which
> _requires_ constant maintenance but as a semi-magical device for moving
> images and text around.
>
> ----
>
> I don't believe that many people really see ipchains as a real viable
> firewall. I think it is awesome, but in many corporations simply mentioning
> it gets you a stern eyeing. Of course these corporations can spend tons of
> money on Checkpoint and PIX boxen.
>
> -Drew
>
>
>
