You forgot one other problem with software firewalls, Bob: Since the firewall is installed on top of the OS it suffers from any/all vulnerabilities that are present in the OS itself.
On 6/12/06, Robert Everland III <[EMAIL PROTECTED]> wrote: > I realize you're after an answer for a software based firewall, but what > we're trying to tell you in a not so helpful way is that it isn't recommended > to put a software firewall on an OS. It adds overheard, can cause > instability, and if you're that worried about malware sending things from > your box then you have a bigger issue than a firewall will help. > > The recommended method is a hardware based firewall, put the server in a DMZ > behind the firewall and it's not allowed to be touched with anything besides > the approved upon open ports, and put antivirus on the computer. Keep up with > updates and patches and your server will be just fine. Also if you can try to > move different services to different servers so if there is a 0 day > vulnerability it will only affect one server. > > > > Bob Everland > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:243237 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54