On Mon, 11 Dec 2000 odonovan_peter1 at emc.com wrote:
> - Is its software packet filtering package, ipchains being used as a
> firewall by many companies or due to its limited security
> or companies almost mandatorily forced to buy dedicated solutions like a
> Cisco's PIX
go read bugtraq, PIX has had a /lot/ of security issues lately.
ipchains is perfectly secure as is IOS filtering. (you either
configured things right or you didn't). However i think ipchains is
more manageable - as you can make chains of rules and attach them to
multiple other chains. so you can have a standard 'filter' chain and
attach that to all your incoming internet interfaces. If you change a
rule on your standard 'filter' chain, that change then applies for all
your internet interfaces. IOS can't do this (AFAICT) and you have to
maintain seperate lists per interface.
PIX is also a different beast to ipchains. ipchains does IP filtering
and no more. PIX does that and also understands protocols, and so can
filter inside the protocol. Eg: with ipchains you can put restrictions
on smtp access based on source/dest IP address. With PIX you can
filter at the level of SMTP commands.
Now if your system is already properly secure/configurable it could be
argued that there would be need for PIX-like protocol firewalls. (IE
PIX is a bit of a crutch).
> - What about as a router, mailserver, web server, dns server etc.etc.?
> How widely used and for what purposes is Linux becoming the industry
> standard ??
we use it for nearly everything here, including extremely
business-critical services. My manager gave a talk on it at the recent
Linuxworld do in dublin AFAIK.
> Does anyone have a concrete answer.
> Thanks in advance
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!