Any help with VPN termination?
Florin Andrei
florin at andrei.myip.org
Thu May 5 03:25:41 UTC 2005
On Wed, 2005-05-04 at 12:38 -0500, Aaron P. Martinez wrote:
> firewall/anything not my favorite choice. The firewall imo, shouldn't
> be running any services that can be attacked, simply passing packets and
> optionally routing.
OTOH, the most rapidly growing market in the security space is UTM
(Unified Threat Management) appliances, which are, essentially, not just
firewall/anything but actually firewall/everything. :-)
Even from a fairly hard-core position it might make sense to combine a
firewall and an IPS since, truth being said, they're the same thing but
acting at different levels in the OSI stack.
Well, provided that the false positives/negatives are low enough. :-)
> If you have a spare 4 or 5 year old machine lying around, consider
> throwing Linux or some BSD on it and running OpenVPN. It's a very
> secure SSL-based VPN product and you only need one port opened up in
> your firewall, no GRE so no custom kernel needed.
thumbs up
--
Florin Andrei
http://florin.myip.org/