He's being honest and open. If you want a cheap solution, m0n0 is the way to go. Just like any other router, let's say Linksys, you have the same issues. Linksys just runs a Linux kernel with iptables. M0n0 is pretty much as secure as you're going to get unless you're willing to pay a lot for a PIX. As you can tell from m0n0's changelog, the developer keeps up with security and fixes, unlike bigger companies where you have to wait a while for patches.

Why not set up a development network and try m0n0wall? I think you will be very happy with it. Net4501 + m0n0wall and a 32meg flash card.

-----Original Message-----
From: [mailto:brad dot gibson at naponline dot net]
Sent: Tuesday, January 20, 2004 8:24 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Quick Question and Poll

A few days ago here at work, a remote T1 site was having some performance issues. I offered up some troubleshooting suggestions and while I was doing that, I threw out the idea of switching to m0n0wall. A little desktop setup with Windows 2000 Server running Routing and Remote Access with no other firewall applications is currently being used. This box performs simple NATing and routing out to the T1 line and nothing more.

However, a co-worker replied to my suggestion of m0n0wall after looking at m0n0wall's website. He stated that "[he'd] be leery of firewall software whose entire security page is this:"

-----------------------------------
Although I have tried my best to make m0n0wall as secure as possible, there is still the possibility of security holes (hell, no software programmer can say for sure that his product is absolutely bug-free!). The rule generator currently has to generate rules that open up the filter a bit more than I'd like, mainly because ipfilter 3.x.x lacks the ability of specifying placeholders for a given interface's IP address. We'll have to wait until ipfilter 4.0 is released to get that functionality.

You can have a look at the ipfilter ruleset that is currently active by going to http://<m0n0wall-ip>/status.php. If you're familiar with ipfilter, please take the time to read through the ruleset and inform me of any possible improvements or holes (along with a description of which settings you changed in the webGUI). Thank you!
-----------------------------------

I have to admit, that does sound a little scary. I personally think that Manuel just isn't giving enough credit to his work and ipFilter (that's me though). Hell, it's probably more secure than Windows 2000 Routing and Remote Access, especially without any additional firewall application.

Throughout my time on the mailing lists, I've gotten the impression that numerous people run this at work. This is why I'd like to take a poll. If everyone could reply and answer the following questions, I'd appreciate it!

1. What is the name of your company? (Not needed, just curious)
2. How many servers do you have behind m0n0wall?
3. How many workstations do you have behind m0n0wall?
4. If you have a DMZ, how many servers are in it?
5. If you have a Wireless interface, how many clients do you have connecting and do they have to VPN in or are they directly connected?
6. Do you support VPN? If so, do you have a local user db, RADIUS, or pass thru to another server?
7. Do you redirect any external ports to internal devices?
8. Any additional information that will just make m0n0wall look sweet!

Again, any and all replies would be greatly appreciated!

Thanks

===================================
Brad Gibson, CCNA, MCP, Net+, A+
Network Engineer
City of Baltimore
===================================