From owner-freebsd-security Mon Sep 27 17: 4: 1 1999 Delivered-To: freebsd-security@freebsd.org Received: from server.computeralt.com (server.computeralt.com [207.41.29.10]) by hub.freebsd.org (Postfix) with ESMTP id 9202014A2D for ; Mon, 27 Sep 1999 17:03:48 -0700 (PDT) (envelope-from scott@computeralt.com) Received: from scott (scott.computeralt.com [207.41.29.100]) by server.computeralt.com (8.9.1/8.9.1) with ESMTP id UAA02944 for ; Mon, 27 Sep 1999 20:03:37 -0400 (EDT) Message-Id: <4.2.1.4.19990927195047.00d813e0@mail.computeralt.com> X-Sender: scott@mail.computeralt.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.1.4 (Beta) Date: Mon, 27 Sep 1999 20:05:24 -0400 To: freebsd-security@freebsd.org From: "Scott I. Remick" Subject: Help me win the MS-Proxy/ipfw war Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Any advice to a small-time network admin for a small (32 employees) company that is stuck in the MS_WAY = ONLY_WAY mindset? We are overdue for a firewall but the PHB wants NT/MS-Proxy installed, while I'm arguing for FreeBSD/ipfw instead. We already have a FreeBSD server managing various tasks (and has done them VERY well, and doesn't crash), so this isn't totally new (ipfw is but I've got books on order and will be reading up). THEY (everyone but me) want MS Proxy because we're a MCSP and they want us to use what we're going to sell, so that we're familiar with it (the suggestion that we use FreeBSD/ipfw and sell that too seems to have fallen on deaf ears). Of course, the fact is that no one actually spends time on this stuff other than me anyway, even though it's set up with the intent that all techs can learn from what we have installed in-house. That argument, too, seems to not be working. Nor the vast difference in hardware requirements (what would you consider the recommended hardware for a FreeBSD firewall gateway to a 128K ISDN link?). Cost of the actual software is $0 in either event, as we get to use MS software for free due to our MCSP status. I need help, as it's me against the masses and I seem to be unable to win them over. The best I've managed is to keep them from making the final decision (only reason we don't have a firewall already). I'm also faced with them wanting to move ALL mail services to the Exchange server (right now only internal Exchange mail gets handled by it, and it routes all internet mail through the FreeBSD box. The Exchange server itself is blocked from the internet at the router) as well as move our website from FreeBSD/Apache to NT/IIS (UGH!). I wish there were more advocates on my side working here to back me up, but alas, we are small, and it's just me, and the boss is in bed with MS it seems. We have some networking techs who do stuff for customers, and they're against me because 1) MS software failures give them a daily source of billable hours, and 2) they resent the FreeBSD server because it makes them look bad, never crashing, while their NT servers need constant attention/reboots. Thanks in advance. ----------------------- Scott I. Remick scott@computeralt.com Network and Information (802)388-7545 ext. 236 Systems Manager FAX:(802)388-3697 Computer Alternatives, Inc. http://www.computeralt.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message