Web Hosting Talk







Where do you run your firewall? Server or Switch/router?


JeremyL
05-24-2001, 11:15 PM
I was wondering where most people with full racks or NOCs run their firewalls? Do you do a separate one for each server or just run one on the switch/router to cover the whole raq or NOC?

Also what firewall software do you run?

huck
05-29-2001, 11:38 AM
I know we recently switched from server-based to appliance-based firewall solutions for our network. This is nice because we configure one machine, whose task is dedicated.

From a management viewpoint, this is a boon. All the portscans and script kiddie attacks are now stopped at one machine, which keeps very detailed logs. Since the machine is dedicated to this task, we can increase logging and monitoring activities without hurting other things, e.g. database access, web servers, email.


I will get the name of the firewall appliance and post it here -- I do not remember it for sure but I think it was one of the VelociRaptors from Cobalt as we have several Raqs here.


You may want to check this out as well:
http://www.linuxsecurity.com/tips/tip-3.html

RackMy.com
06-05-2001, 10:52 PM
Separate appliance :)

Mike the newbie
06-06-2001, 06:46 AM
Originally posted by JeremyL
I was wondering where most people with full racks or NOCs run their firewalls? Do you do a separate one for each server or just run one on the switch/router to cover the whole raq or NOC?

Also what firewall software do you run?

A separate box sitting between the "inside" network and the "outside" network.

OpenBSD & ipf (though the latter may change in six months or so)

Madman2020
06-07-2001, 10:27 AM
Originally posted by JeremyL
I was wondering where most people with full racks or NOCs run their firewalls? Do you do a separate one for each server or just run one on the switch/router to cover the whole raq or NOC?

Also what firewall software do you run?

Also, something I always voice...

Firewalls will NOT necessarily stop hackers, floods or scans. They are respectively for monitoring and limiting traffic/accessibility on ports.