On 5/4/05, Florin Andrei <florin@xxxxxxxxxxxxxxx> wrote:
> On Wed, 2005-05-04 at 12:38 -0500, Aaron P. Martinez wrote:
>
> > firewall/anything not my favorite choice. The firewall imo, shouldn't
> > be running any services that can be attacked, simply passing packets and
> > optionally routing.
>
> OTOH, the most rapidly growing market in the security space is UTM
> (Unified Threat Management) appliances, which are, essentially, not just
> firewall/anything but actually firewall/everything. :-)
>
> Even from a fairly hard-core position it might make sense to combine a
> firewall and an IPS since, truth being said, they're the same thing but
> acting at different levels in the OSI stack.
> Well, provided that the false positives/negatives are low enough. :-)
>
> > if you have a spare 4 or 5 year old machine laying around, consider
> > throwing linux or some BSD on it and running openvpn. it's a very
> > secure ssl based vpn product and you only need one port opened up in
> > your firewall, no gre so no custom kernel needed.
>
> thumbs up
>

I second the nomination for OpenVPN. I have had 1.6 running for a site
for over a year with one person connecting in from another state every
day without a hitch. I don't think any of the firewall distros have
upgraded to the new 2.0 version, but IIRC Devil Linux has OpenVPN
integrated in.

OpenVPN is multiplatform and supports Windows, Linux and other *nix as
well. Additionally the web site has a large amount of documentation and
the community does a great job of supporting it.

The one thing to be wary of is if your routing experience is light then
you may have some difficulties getting the routing, and hence VPN and
firewall working smoothly.

I believe that DAG has OpenVPN 2.0 as an RPM as well.

-- 
Leonard Isham, CISSP
Ostendo non ostento.
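As an added illustration (not from this thread or the OpenVPN project), here is what the quoted "only one port opened up in your firewall" remark and the routing caveat above look like as a concrete packet-filter policy for a Linux gateway: a single inbound UDP port for OpenVPN, no other WAN-facing service, and forwarding allowed only between the tunnel interface and the LAN. The ruleset is nftables syntax generated by a small POSIX shell wrapper so the interfaces, subnets and port can be passed in; the interface names (eth0/eth1/tun0), the subnets and OpenVPN's default port 1194 are assumed placeholders, and `wan_services` is a helper of my own for checking how many services the policy exposes on the WAN side.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Builds an nftables ruleset
# for a Linux gateway running OpenVPN. Interface names, subnets and the UDP
# port are assumed placeholders; adjust them for the real box.

# Emit the ruleset text.
# Args: WAN iface, LAN iface, tun iface, LAN subnet, VPN subnet, OpenVPN UDP port
openvpn_ruleset() {
  wan="$1"; lan="$2"; tun="$3"; lan_net="$4"; vpn_net="$5"; port="$6"
  cat <<EOF
flush ruleset
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iif lo accept
    ct state established,related accept
    ct state invalid drop
    # The only service reachable from the WAN: OpenVPN's UDP port.
    iifname "$wan" udp dport $port accept
    # Management (SSH) from the LAN only, never from the WAN.
    iifname "$lan" tcp dport 22 accept
    iifname "$wan" icmp type echo-request limit rate 5/second accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    # Tunnel clients may reach the LAN; the LAN may reach tunnel clients.
    iifname "$tun" oifname "$lan" ip saddr $vpn_net ip daddr $lan_net accept
    iifname "$lan" oifname "$tun" ip saddr $lan_net ip daddr $vpn_net accept
    # LAN to Internet, so the same box can be the default gateway.
    iifname "$lan" oifname "$wan" accept
  }
  chain output {
    type filter hook output priority 0; policy accept;
  }
}
EOF
}

# Count the TCP/UDP services the policy accepts from the WAN interface.
# For a "one port" VPN gateway this should be exactly 1.
wan_services() {
  openvpn_ruleset "$@" | grep -c "iifname \"$1\" .* dport"
}

# Load the policy (needs root and nftables). The LAN side must also carry a
# route back to $vpn_net via this gateway, or tunnel clients get no replies;
# that is the routing part the thread warns about.
apply_ruleset() {
  sysctl -w net.ipv4.ip_forward=1 >/dev/null
  openvpn_ruleset "$@" | nft -f -
}
```

Usage on the gateway would be `apply_ruleset eth0 eth1 tun0 192.168.1.0/24 10.8.0.0/24 1194`; running `openvpn_ruleset` with the same arguments first and reviewing the text (or checking `wan_services` returns 1) is the sanity check before loading it. The forward chain is where the routing caveat bites: the rules permit LAN-to-tunnel traffic, but the LAN hosts still need a route to the VPN subnet (or the gateway must be their default route) for that traffic to reach the tun interface at all.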