Let's start with the basics. In theory, if a server is advertising a service openly to the internet, it is possible that it's misconfigured or has a vulnerability, and therefore it can be "hacked". Just having a port open on a firewall doesn't mean anything, and the number of the port is even more irrelevant. In practice, those services residing on well-known ports such as 25, 80, etc. tend to be in their default (security) configuration, and quite possibly the latest security patches have not been installed. These things together mean that the server actually _can_ be hacked.
There are several types of firewalls. The most basic ones are static packet filters, such as ipchains or Windows TCP/IP filters, that just either allow or disallow traffic to a certain port. Stateful packet inspection (SPI) is a step more advanced and allows, for example, inbound traffic on an established outbound connection. Most Linux firewalls fall into this category, such as iptables/netfilter. Application-level proxies are application-aware and can detect anomalies within the traffic itself: they know what the protocol in use, such as HTTP, should look like and can block certain types of application-specific functions.
A good firewall does a combination of some or all of these, based on the requirements and resources. When comparing Linux and ISA you're really comparing apples to oranges. Linux is an operating system that has a wealth of different firewall applications; ISA is a proxy/firewall/VPN product for the Windows platform.
There are really 2 questions that should help you choose: how much money are you willing to invest, and do you need application-level filtering? ISA is _very_ feature-rich but also quite expensive, especially compared to the free Linux/BSD firewall distributions. Personally I would recommend you take a look at some of the firewall distributions and try them out. If you find them lacking (which I doubt), maybe ISA is worth a shot. Here's a couple I've had good experience with; both have a graphical web interface and are fairly easy to use, but there are plenty of others that might suit your needs better:
pfSense

IPCop (IPCop.org)
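Added example, not part of the original post: a small Python model of the difference between a static packet filter and stateful packet inspection described above. The packet fields, addresses (documentation ranges) and the published-port set are constructed for illustration, and the flow table is simplified (no TCP flags or timeouts, which real SPI engines such as netfilter conntrack also track).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool  # True = leaving the protected network

PUBLISHED_PORTS = {25, 80}  # assumed: services deliberately exposed

def static_filter(pkt, open_high_ports=False):
    """Stateless decision: looks at direction and destination port only."""
    if pkt.outbound or pkt.dport in PUBLISHED_PORTS:
        return True
    # Replies to internal clients arrive on ephemeral ports. A static
    # filter can only admit them by opening the whole high-port range.
    return open_high_ports and pkt.dport >= 1024

class StatefulFilter:
    """Remembers outbound flows and admits only the matching return traffic."""
    def __init__(self):
        self.flows = set()

    def check(self, pkt):
        if pkt.outbound:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if pkt.dport in PUBLISHED_PORTS:
            return True
        # Inbound is accepted only if it mirrors a recorded outbound flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

# Constructed sample traffic
REQUEST = Packet("192.0.2.10", 40000, "198.51.100.5", 443, True)
REPLY = Packet("198.51.100.5", 443, "192.0.2.10", 40000, False)
UNSOLICITED = Packet("203.0.113.9", 443, "192.0.2.10", 40000, False)

def compare():
    spi = StatefulFilter()
    spi.check(REQUEST)  # the outbound request creates the flow entry
    return {
        "static_strict": (static_filter(REPLY), static_filter(UNSOLICITED)),
        "static_open": (static_filter(REPLY, True), static_filter(UNSOLICITED, True)),
        "stateful": (spi.check(REPLY), spi.check(UNSOLICITED)),
    }

if __name__ == "__main__":
    for name, (reply_ok, unsolicited_ok) in compare().items():
        print(f"{name}: reply={reply_ok} unsolicited={unsolicited_ok}")
```

The static filter either breaks return traffic or admits the unsolicited packet along with it; only the stateful filter passes the reply while dropping the unsolicited packet.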