On Wed, 2005-05-04 at 12:38 -0500, Aaron P. Martinez wrote:

> firewall/anything not my favorite choice. The firewall imo, shouldn't
> be running any services that can be attacked, simply passing packets and
> optionally routing.

OTOH, the most rapidly growing market in the security space is UTM (Unified Threat Management) appliances, which are, essentially, not just firewall/anything but actually firewall/everything. :-)

Even from a fairly hard-core position it might make sense to combine a firewall and an IPS since, truth being said, they're the same thing but acting at different levels in the OSI stack. Well, provided that the false positives/negatives are low enough. :-)

> if you have a spare 4 or 5 year old machine laying around, consider
> throwing linux or some BSD on it and running openvpn. it's a very
> secure ssl based vpn product and you only need one port opened up in
> your firewall, no gre so no custom kernel needed.

thumbs up

--
Florin Andrei

http://florin.myip.org/