Topic: Advantadges of e-smith over Norton Internet Security

[Sue Robertson]

Our Division is encouraging practices to install e-smith/smoothwall firewalls to increase security. One of our GPs has recently installed Norton Internet Security & asks if the Linux solution is 'better'.  I'm sure it is, but would like to explain why in more detail. Can anyone help please?

[Dan G.]

There are many, many reasons why a single-pojnt security solution is far better than a solution based on client-side software.  Here's a very quick, and likely incomplete brain dump:

1.  Personal firewalls can be deactivated by the user --- so why bother at all? Constant and incomprehensible pop-ups in NIS tempt users to turn them off -- trust me on this.
2.  Security policies cannot be uniformly enforced, as local configuration settings can vary from system to system.
3.  Status reporting and break-in attempts are not centrally logged.
4.  Client software needs constant updating, and will either be neglected outright, or consume IT staff time to ensure it is done.
5.  Rampant false alarms...

If you have a LAN, you protect the whole thing with a gateway/firewall.  You wouldn't secure your house by leaving the front door wide open, and locking individual bedrooms with those cheapo little locks and flimsy doors --- you put a big deadbolt on the entryway, and control who gets a key....

Dan G.

[Alex]

Well, I have had expearience with both a central firewall and client side firewalls.  I say that the sme server is better because it doesn't slow down the client machines.  I used to have norten personal firewall 2001 on my machine but it would slow the thing down and eventually crap out forcing me to restart.
So in conclution the central gateway/firewall is better.