Thanks for the humor, Kriss.

I think the point that Kriss has missed is the integrity of the operating system that 
is running on the "standard ole' Intel machine".  Purpose-built firewall appliances, 
like the Cisco PIX, run a proprietary operating system.  That means that it is a couple 
of degrees harder for all those script kiddies out there to find and exploit a 
vulnerability in these firewall appliances. 

So, if you want to buy and configure a software firewall machine yourself, or even 
avail yourself of the services of an integration vendor, you still need to be 
concerned with hardening and maintaining the underlying operating system and all that 
goes along with that like looking at device drivers, etc... (as well as the software 
product).

Now, if you were to purchase a product from Cisco we are very open, honest, and 
forthright about any vulnerability that is discovered and reported (in many forums).  
We provide technical support to customers 24 hours per day, seven days per week, 365 
days per year from locations around the world in a wide variety of customer 
languages.  We also maintain a comprehensive database of all reported vulnerabilities 
and remedies, as well as different versions of our product software and support tools 
at our web site. We also technically qualify (and regularly assess) all of our 
reseller partners to ensure that they can meet our support standards.

Info about the Cisco PIX is here http://www.cisco.com/go/pix.  

Or you can go look at PhoneBoy's site...

Regards,

Brian

>From: Kriss Andsten <[EMAIL PROTECTED]>
>Subject: Re: Hardware Firewall
>
>Hardware firewalls are most often made of concrete or bricks. Their main
>design purpose is to stop heat from spreading. Indeed, if you make a small
>hole in one and plug in a network from one side and an Internet connection
>in a similar small hole on the other side, I suppose it'd be somewhat
>secure. 
>
>Jokes aside, 'hardware firewall' is a bit of a misnomer. Most of the time,
>it's just a standard ole' Intel machine painted red, blue or whatever The
>Marketing Department (TM) presumes will look nice in Nätverk &
>Kommunikation, The Duckburg News, The Sun or some other quality
>publication where people write articles about things they, most of the
>time, don't understand. Usually, it's cheaper to buy the machine yourself -
>some vendors are known to charge six times the amount a particular NIC
>would cost over the counter, and I won't even go into what they charge for
>the machine itself. (I think they mumbled something about 'support'..)
>However, this assumes a rough understanding of Unix administration and a
>good one of Unix and network security. Otoh, speaking firewalls, you'll
>never get by without the latter part anyhow, so..
>
>Now, I'm sure someone else will give you some pointers and suggestions.
>They usually do.



Brian Ford
[EMAIL PROTECTED]
