Francesca C Smith
2002-Jul-25 00:23 UTC
[Shorewall-users] Shorewall Vs Other Firewall Products
Hello,

I use Shorewall at a client's site ... (It's Excellent and Works Fabulously) ... But I get all sorts of Buzz word stuff like Cisco Pix, Checkpoint and others from management and salesmen coming into this site ... When I try and position my solution (Shorewall, Squid, Snort and Red-Hat Linux) I get the "that's an inferior solution at protecting an enterprise". Do you know of an IP-Tables Linux Vs These Products comparison link or two? Particular attention is paid to stuff like VPNs and IPSEC by my customer... I know the above products do a good job at insulating the complexity of setting these kinds of connections up ... But it's funny: "You Need Expensive Cisco Or Etc trained consultants to do this". I know my customer is protected perfectly and has an extremely cost-effective and robust platform. It's my opinion that Cisco Pix, Checkpoint et al. are all proprietary money drains.

... Sorry to get off on a Rant here but if you all can help me with a link or two I will go about being quiet and content with Shorewall.

Thank You,
Francesca C Smith
Lady Linux Internet Services
http://www.ladylinux.com
sysadmin@ladylinux.com
At 10:23 25/07/2002, Francesca C Smith sent this up the stick:

> Hello,
>
> I use Shorewall at a client's site ... (It's Excellent and Works Fabulously) ... But I get
> all sorts of Buzz word stuff like Cisco Pix, Checkpoint and others from
> management and salesmen coming into this site ... When I try and position
> my solution (Shorewall, Squid, Snort and Red-Hat Linux) I get the "that's an
> inferior solution at protecting an enterprise". Do you know of an IP-Tables
> Linux Vs These Products comparison link or two? Particular attention is
> paid to stuff like VPNs and IPSEC by my customer... I know the above
> products do a good job at insulating the complexity of setting these kinds
> of connections up ... But it's funny: "You Need Expensive Cisco
> Or Etc trained consultants to do this". I know my customer is protected
> perfectly and has an extremely cost-effective and robust platform.
> It's my opinion that Cisco Pix, Checkpoint et al. are all proprietary money
> drains.

Can't help with the link, but I'll put my couple of cents' worth forward.

I suppose it's like anything ... products have their market. Some people are happy to pay Cisco/CheckPoint/Nokia or whoever for their support, others are happy to pay people such as yourself. Some organisations also have strict auditing and/or certification of their products - AFAIK Linux/iptables has never been certified to any level of security that the big players have.

People can claim that the Linux/iptables combination is inferior, but do these people have proof? I doubt it.

I think a lot of customers _are_ caught up in buzz-words, because that's what marketing throws at them.

Cheers,
Rob

--
Buy Land Now. It's Not Being Made Any More.

This is random quote 301 of a collection of 1254
[15200.8 km (8207.8 mi), 262.8 deg](Apparent) Rennerian
While studies are great and will certainly simplify the argument for those less familiar with the product, it is often sufficient to just suggest that you look at feature set. I often come across the cult-like following of some products only to find out the "white paper warriors" have taken little time considering the individual qualification of the product they're supporting.

I have not been a big fan of Linux in the past, but given the value and the quality of development my mix of use has greatly changed.

One consistent drawback in the open source land is the support and more importantly the documentation.

What your detractors may be saying is, look, I have clear, concise documentation and 24-hour support; does your product have this? In this case Tom does a pretty awesome job with support and documentation, but to enterprises that may not be sufficient. Now paid support is available I'm sure!

You also have to consider the chain of custody. While you might be here today you could be gone tomorrow; could your client find the relevant support staff quickly and reasonably to come in and support the product? You also bear responsibility to line up backup support here!

Also they are making an assumption that just because it is a PIX, etc. box it's installed properly. How many studies have all of us read about the number of improperly installed firewalls there are out there? Knowing the product and installing it properly is the key no matter which product you are talking about! I would not suggest attacking one's credentials, only that there are studies that improperly configured firewalls are out there and their product could be of the mix.

I always hope that as a consultant the dialog is more of knowledge exchanges, you know, hey take a look at this Shoreline config, it does all that this Cisco box does for a much greater value! But unfortunately people get very territorial; I guess that's the fun of our job, educating the cult!

I realize that this is by no means scientific, I just thought some of the points might come in handy supporting Shorewall as the great product it is until someone does a white paper! Sorry for the diatribe!

-----Original Message-----
From: Rob B [mailto:rbyrnes@ozemail.com.au]
Sent: Thursday, July 25, 2002 2:04 AM
To: Francesca C Smith
Cc: shorewall-users@shorewall.net
Subject: Re: [Shorewall-users] Shorewall Vs Other Firewall Products
Francesca C Smith
2002-Jul-25 13:25 UTC
[Shorewall-users] Shorewall Vs Other Firewall Products
Hello,

Thank you very much for your kind words ... I am backed up as well as any other consulting group ... And I am training the local staff on Shorewall use et al. ... I think one point is missing with the Big Vendors vs The Open Source Camp. That is that Open Source People have a love for the intricacies of the product while Big Vendors are more in line with Profit Margin. I do for my customer with results and not pretty boxes and books. I ask what do you need? ... I find the right tool ... and I set it up ... (Yes I do get paid for this of course) ... They say let me get you a quote for the product and licenses and then we will find you a consultant.

Thank You,
Francesca C Smith
Lady Linux Internet Services
http://www.ladylinux.com
sysadmin@ladylinux.com

----- Original Message -----
From: "Thad Marsh" <thad@marshtek.com>
To: "Rob B" <rbyrnes@ozemail.com.au>; "Francesca C Smith" <sysadmin@ladylinux.com>
Cc: <shorewall-users@shorewall.net>
Sent: Thursday, July 25, 2002 7:07 AM
Subject: RE: [Shorewall-users] Shorewall Vs Other Firewall Products