Firewall Packages Softr ware Packages

Firewall Packages Softr ware Packages

Post by James Seymo » Sat, 17 Dec 1994 06:30:45



Hi there.  We're thinking of getting hooked-up to the net.
I'd like to look into some firewall software packages
that run on either Suns of SCO.  Commercial or otherwise,
makes no difference--as long as it works right :-).
Preferably application level firewall stuff.

I already talked to the PORTUS folks, but their stuff
presently only runs on RS-6000s :-(.  (Not to mention it
costs big $$$.)

You can email and/or follow-up here, as you like.

Thanks,
Jim
--
Jim Seymour                     | Medar, Inc.
...uunet!medar!jseymour         | 38700 Grand River Ave.

GEnie: jseymour                 | FAX: (810)477-8897

 
 
 

Firewall Packages Softr ware Packages

Post by Pat Kel » Mon, 19 Dec 1994 12:49:04



> I already talked to the PORTUS folks, but their stuff
> presently only runs on RS-6000s :-(.  (Not to mention it
> costs big $$$.)

I'm familiar with PORTUS and it's less expensive (in one case MUCH less
expensive) than other application firewalls.  Most of the firewalls on Sun
and SCO are home-grown, which usually means their actual security value
has never been tested.  So the question might be, how valuable is what you
need to secure?

P.S.  If you do an apples-to-apples comparison, the PowerPC-based RS/6000s
COST LESS & PERFORM BETTER than equivalent Suns.  So while RS6Ks are not
perfect (so what is?), money and performance are not the issues.  

P.P.S. Every application firewall I know of runs on RS/6000s but few run
on Sun.  Ever wonder why?

 
 
 

Firewall Packages Softr ware Packages

Post by Marcus J Ran » Mon, 19 Dec 1994 23:57:02


Quote:>P.P.S. Every application firewall I know of runs on RS/6000s but few run
>on Sun.  Ever wonder why?

        TIS' Gauntlet(tm) firewall runs on a X86 system on top of
BSDI with some kernel mods to disable source routing and whatnot.
It's based on the well-known and very widely evaluated Firewall
Toolkit, the internet de facto standard firewall. BSDI is a big
advantage for those who require access to the system: complete
O/S source is available for under $1,000 and the complete Gauntlet
source is included with the product. Priced around $15,000, it's
a complete high-assurance firewall that is definitely not a
"trust us" black box.

        So now you know of at least one application firewall that
runs on something other than an RS/6000 or a Sun.  :)

mjr.

 
 
 

Firewall Packages Softr ware Packages

Post by dmcca.. » Wed, 21 Dec 1994 05:21:03


Quote:>IBM just announced a new software package and services to support firewalls.  
>Not being from marketing, I am not sure where you can get more info other than
>the online announcement letters or your favorite IBM rep.

For more information on the IBM NetSP Secured Network Gateway
contact Scott Bauman at 919-254-7416.  He does not appear to
have an Internet address, hmmmm, have to see about that!!

Hope this helps...

Dan McCarty
IBM Network Security Product

 
 
 

Firewall Packages Softr ware Packages

Post by Ken Paquet » Mon, 19 Dec 1994 13:06:09





>> I already talked to the PORTUS folks, but their stuff
>> presently only runs on RS-6000s :-(.  (Not to mention it
>> costs big $$$.)

>I'm familiar with PORTUS and it's less expensive (in one case MUCH less
>expensive) than other application firewalls.  Most of the firewalls on Sun
>and SCO are home-grown, which usually means their actual security value
>has never been tested.  So the question might be, how valuable is what you
>need to secure?

>P.S.  If you do an apples-to-apples comparison, the PowerPC-based RS/6000s
>COST LESS & PERFORM BETTER than equivalent Suns.  So while RS6Ks are not
>perfect (so what is?), money and performance are not the issues.  

>P.P.S. Every application firewall I know of runs on RS/6000s but few run
>on Sun.  Ever wonder why?

IBM just announced a new software package and services to support firewalls.  
Not being from marketing, I am not sure where you can get more info other than
the online announcement letters or your favorite IBM rep.
---------------------------------------------------------------------------
Ken Paquette; IBM Microelectronics Division; Distributed Computing Services

IBMMAIL: USIB1X62; X.400  c=us; a=ibmx400; p=ibmmail; s=paquette; g=paquetk
 
 
 

Firewall Packages Softr ware Packages

Post by James Seymo » Thu, 22 Dec 1994 21:51:56




>> I already talked to the PORTUS folks, but their stuff
>> presently only runs on RS-6000s :-(.  (Not to mention it
>> costs big $$$.)

>I'm familiar with PORTUS and it's less expensive (in one case MUCH less
>expensive) than other application firewalls.

Well then I guess I've been pretty naive.  *I* thought $16kUS was
pretty steep.  I expected prices a fraction of that.  Oops!

Quote:>                                              Most of the firewalls on Sun
>and SCO are home-grown, which usually means their actual security value
>has never been tested.  So the question might be, how valuable is what you
>need to secure?

Pretty darn valuable to us, in our opinion.

Quote:>P.S.  If you do an apples-to-apples comparison, the PowerPC-based RS/6000s
>COST LESS & PERFORM BETTER than equivalent Suns.  So while RS6Ks are not
>perfect (so what is?), money and performance are not the issues.  

Using an RS/6000 is not in the cards at the moment.  We're trying
to *reduce* the number of different flavors of systems we have
around here, not increase.  Besides, I already have available for
the firewall either a Sun Sparc Classic or a PeeCee with SCO.
(I'll probably go with the Sun.)

Quote:>P.P.S. Every application firewall I know of runs on RS/6000s but few run
>on Sun.  Ever wonder why?

Well, since I just found about that, no--I never have.  But given
the proliferation of Suns throughout the high-end computing world--
yes, I would wonder why.

Jim
--
Jim Seymour                     | Medar, Inc.
...uunet!medar!jseymour         | 38700 Grand River Ave.

GEnie: jseymour                 | FAX: (810)477-8897

 
 
 

Firewall Packages Softr ware Packages

Post by Catherine Fulm » Fri, 23 Dec 1994 01:59:31


For folks not in firewalls list: you can also find a list of
commercial firewall products/vendors at:

http://www.digimark.net/bdboyle/fulmer/firewall.vendor.html

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

My words are mine, and don't reflect the views of my employer.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

 
 
 

Firewall Packages Softr ware Packages

Post by Nick Gianniot » Fri, 23 Dec 1994 11:06:19


FYI:

Advanced Systems magazine has a review of Firewall-1 this month. This is a
firewall product available on sun platforms using cisco & wellfleet
routers.

Nick

 
 
 

Firewall Packages Softr ware Packages

Post by Pat Kel » Fri, 23 Dec 1994 16:39:54


Quote:> >I'm familiar with PORTUS and it's less expensive (in one case MUCH less
> >expensive) than other application firewalls.

> Well then I guess I've been pretty naive.  *I* thought $16kUS was
> pretty steep.  I expected prices a fraction of that.  Oops!

I'm sincerely curious, what do you think is a fair price for a security
firewall?  I'd like to read anyone else's opinion too.  

If its source is shareware or freeware or public domain, it's a good bet
it's been cracked into (& few people seem to extensively examine source
code they've downloaded before compiling it so who'd know until it was too
late?).  If it's a commercial product, then the company has to charge
enough to support it and enhance it against the continuing efforts of the
crackers (because once its broken into the value of the product & company
can go to zero quickly).  And a GOOD firewall is definitely not the result
of trivial effort because those crackers are not stupid and they are
persistent.  

Certainly the value of a firewall to a particular company will vary with
how sensitive the protected data is.  But it's almost impossible to
accurately value data and, if it could be done in a particular case, the
potential client would never tell anyone else what the answer is.  So
something like 5% of the secured value probably wouldn't work -- unless
you can think of a different way.  

So with this explanation, I hope you'll believe this is not a smart-aleck
comment but a real request for your opinion.  Thanks in advance.

 
 
 

Firewall Packages Softr ware Packages

Post by JAY LYA » Fri, 23 Dec 1994 20:46:00




>>If its source is shareware or freeware or public domain, it's a good bet
>>it's been cracked into (& few people seem to extensively examine source
>>code they've downloaded before compiling it so who'd know until it was too
>>late?).

>    Please justify/explain this argument.

>    The firewall toolkit has not been cracked into to anyone's
>knowledge, and it's freely available in source code form. In fact, I
>believe that the availability of the toolkit has strengthened it
>considerably -- after all, having the source code out there means not
>only that hackers can look at it, but security experts can. The toolkit
>code has been more extensively reviewed by more firewall experts than
>any other firewall product in existence.

>    With respect to examination of code and the potential for
>trojan horses, that is something that is a potentially * problem
>and it's one reason we've tried to encourage people to download
>the toolkit from our site, and we provide a PGP-signed set of checksums
>against the current release version. There's always a risk that someone
>might be able to propagate bogus code, but -- again -- you'll *NEVER*
>know it if the sources aren't available. I'm actually quite pleased
>with the level of peer review that the code seems to undergo with
>each version. I know at least one site out there diffs EVERY module
>against the first version, which they reviewed carefully. That's
>better cross-checking than you'll get with a "binary only" black
>box product.

>mjr.

Sure having the source code is nice, but its only as good as
the code and the comments. If I remember right when I looked
at the code for the fwtk it was not in standard c C and the comments
read something like "Its late and I don't feel like writting
any comments tonight." So if I can't  look at the code and
easily understand what it does and why its really no different
than using a black box.

jay

 
 
 

Firewall Packages Softr ware Packages

Post by Stephen P. Pott » Sat, 24 Dec 1994 09:07:36


   [someone cut headers, so I don't know who wrote the originals]
   > >I'm familiar with PORTUS and it's less expensive (in one case MUCH less
   > >expensive) than other application firewalls.
   >
   > Well then I guess I've been pretty naive.  *I* thought $16kUS was
   > pretty steep.  I expected prices a fraction of that.  Oops!

   I'm sincerely curious, what do you think is a fair price for a security
   firewall?  I'd like to read anyone else's opinion too.  

In all seriousness, $16k is far too steep a price IMHO.  Unless it is
vitally important that your network be connected to the Internet (I
can think of almost no vital reasons), I can't in good conscience try
to convince my management to spend that kind of money on what amounts
to a glorified toy.  We can get all the service we need from a UUCP
link (which was costing us less than $500/month including LD phone
charges).  I may be able to convince management to spend $1000 for
that kind of software, but even that might be pushing it.


package.  Although it doesn't have all the bells and whistles of some
of the firewall packages I've seen, I'd much prefer to use it than
anything else, because I can see what it does and how to fix it if it
breaks.

Steve
--

Varimetrix Corporation                          2350 Commerce Park Dr. Ste 4
Palm Bay, FL    32905                                   CAD/CAM/CAE/Software
(407) 676-3222                                           Fax: (407) 723-4388

 
 
 

1. Why are some packages installed in all zones for Solaris 10, but some packages are not ?

Hi:

We are installing some packages onto a Solaris 10 environment which is
configured with three zones in total.

For some reason, a certain package is always installed in all three zones
(global, zone1, zone2), but the other packages are only installed in the
global zone.

For all packages, we have set:
SUNW_PKG_ALLZONES=false
SUNW_PKG_HOLLOW=false

The command we run (in global zone) is:

# pkgadd -d <whatever> <pkgname>

Our question is:
why is this package installation behaviour different from the other
packages, when everything seems to be the same ?

Thanks
JL

2. :Does solaris 2.4 PPP supports dynamic addressing?

3. xmstat statistical package package, binaries?

4. SKIP the first message, read this one!!!

5. make package from an installed package

6. Slackware 9.0 won't boot - No init

7. how do you remove a package without knowing the package name?

8. snmp problem

9. Redhat 7.3 - how install new packages from the CD package?

10. updating RPM packages with new nonRPM-packages

11. Mutt Package Doesn't Like OpenSSL Package Version

12. embedded filesystem packages & package tools

13. Packaged Linux Firewall Solution.....