Laurie Brown wrote on 16 April 2003 14:14:
Those'll be the Draytek Vigor 2600s I suppose. They really look the business, but I still prefer a "real" iptables firewall I can manage and control from afar, so that's what we install.
Yes - both the wireless and non-wired variety. While I agree with you entirely that a proper Linux firewall solution is best, we do not have the luxury of having everybody behind a Linux box at home (particularly the engineering department, who are primarily made up of Windows XP laptop and Mac users).
The main problem I have with the built-in stuff like all these firewall/router/NAT/dhcp/DNS/etc things is vulnerabilities. They rarely come up in bugtraq, and I'm sure it's not because they are so secure. I think it's a reflection of the userbase not being technical or trying to break them. With a standard Linux box running iptables/snort I know where I am, and what I need to do. Just a preference...
Again, agreed on all points. The firmware on these things isn't open-source either, so you can't simply have a read of the source code to see if anything looks suspect or just plain wrong. However, I've never come across a security flaw yet with these things, but it's only a matter of time, as they say....
Regards,
Martyn