You guys would obviously know more about this than I - so PLEASE correct me if I'm wrong (please)
 
A "HARDWARE" firewall is merely a pre-configured box that comes in a unique manufactured casing, with a 'hidden' OS, i.e. ages ago I used a neat "hardware" firewall which had FreeBSD behind it. But for all intents and purposes it looked like an Atari 2600 on steroids. They used to be just packet filters, but as time has progressed, in order to survive, they have included stateful and proxy-level features, with a nice pretty GUI that makes management go "wooooo".
 
A "SOFTWARE" firewall gets the thumbs down because it requires the additional step of getting a machine, installing an OS, hardening it, and then installing the product. Of course, when considering the hardware, the capacity of the machine has to be considered, so that HurricaneIndy's comment about speed/efficiency may or may not hold true.
 
Summary: Hardware firewall means you know what you are getting (we hope). Software firewall means you get more individual choice, but also includes a lot of hard work and attention to detail.
 
But regardless of H/W or S/W, isn't it a typical ploy to make this product pre-configured with their features turned on (must....sell......features.....), so a newbie security administrator (read: tech support officer who got dumped with doing security) also goes "wooooo", and therein lies a potential weakness.
 
There are obvious pros and cons - and I'd be interested to hear from the professionals out there who know these advantages or disadvantages more than I do.
 
Regards,
 
Nigel H
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, 23 February 2001 11:27 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Re[2]: topics about firewalls : always if YOU are running a private & pu...

Well some people may not agree with me on this but a HARDWARE firewall is
always better than software based.
Because hardware does most of the work, they are typically faster and more
efficient and less prone to break-throughs.
I have always thought of software based firewalls (Raptor, Checkpoint) as
very vulnerable due to the OS's they run on and the complexity in the
configuration leads to holes if you don't have a sharp engineer configuring it.
But that's my opinion so please no flames at me =)



Hurricane
