[Asterisk-Users] Firewall will definately increase jittersinyourvoice conversation

Wiley Siler wsiler at education2020.com
Thu Aug 11 09:23:35 MST 2005


The question was not "can I secure a Linux box without a hardware
firewall".  The question (or statement really) was "will a firewall add
jitter and lower performance".  That answer is obviously a big NO.  Can
you secure a Linux (or even Windows) machine by closing ports?  Sure.
It helps immensely.  However, an advantage of hardware is that you are
physically separating the traffic from the end point.  Sure, all the
ports closed on a Linux box can protect that machine.  However, having
only web (for example) traffic going to your Apache server is really
beneficial.  The server can focus on delivering pages and not spend any
CPU cycles on "is this a good packet?  Should I drop it?".  A firewall
(software or hardware) should also be able to better deal with DOS and
things of that nature. Port securing does nothing to assist with DOS.

So...  You are totally right, you can secure a box that way.  However, a
firewall (be it software or hardware) is far superior a method.  I
prefer the hardware method myself as it is a matter of management and
additional features.  However, for some, a software method may be
better.  I ran Mandrake SNF (a shorewall implementation) for a long time
so I have been there.  Considering you can run a Linux firewall on a 386
machine worth $20 makes the fact that so many people don't have
firewalls seem just ridiculous.

W


-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Rich
Adamson
Sent: Wednesday, August 10, 2005 8:58 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: RE: [Asterisk-Users] Firewall will definately increase
jittersinyourvoice conversation

That's a crack of crap sold by the marketing (not sales) people selling
firewalls. "If" you know what you're doing, one can very easily secure
any linux system to function on the Internet (etc) without a firewall.
It all depends on your level of knowledge/skills on how to disable those
items that are not really needed in your environment. Start with a
'netstat -a'
to identify those ports that are listening, and shut those items down
that you don't want exposed.

You "can" do the same for any MS system as well.

------------------------

> Wiley is definitely right. It would be dangerous not to have a 
> firewall for security reasons.
> 
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Wiley 
> Siler
> Sent: Wednesday, August 10, 2005 2:27 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: RE: [Asterisk-Users] Firewall will definately increase 
> jitters inyourvoice conversation
> 
> Lokesh,
> 
> While adding a firewall may add a tiny bit of latency (non-noticeable 
> by the way) it in no way means you are gonna get jitter.  An over 
> utilized data line might cause that but a firewall in and of itself 
> will not.  I use a Pix to route my VoIP to an ITSP and I could not be 
> happier.  To say that using a firewall causes high latency is
incorrect.
> 
> Thanks,
> Wiley
> 
> 
> 
> 
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Lokesh 
> kumar
> Sent: Wednesday, August 10, 2005 10:57 AM
> To: asterisk-users at lists.digium.com
> Subject: [Asterisk-Users] Firewall will definately increase jitters in

> yourvoice conversation
> 
> Hi,
> 
> If you will put firewall, then i think you will get high latency and 
> consequently you will hear voice jitter in your conversation. so avoid

> putting firewall.
> 
> Regards
> Lokesh
> Portugal
> mail lokeshkumar80 at yahoo.co.in
> 
> 
> 	
> 
> 	
> 		
> ____________________________________________________
> Send a rakhi to your brother, buy gifts and win attractive prizes. Log

> on to http://in.promos.yahoo.com/rakhi/index.html
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
> 

---------------End of Original Message-----------------


_______________________________________________
Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users



More information about the asterisk-users mailing list