The problem is that most "hardware" appliances are really software, even
if it is micro-code in ROM or in ASICs. And that micro-code can have as many
bugs as the software, with the greater problem that one can't patch them.
That said, micro-code is often faster because caching is automatic
and the less of an OS to contend with, the fewer places for bugs. Probably the
more optimum combination is a minimal OS dedicated to being secure like OpenBSD
with a re-writable ROM containing the firewall code. It would require minimum
overhead for code initiation but still be changeable and still have a minimal OS
to cause problems.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, February 22, 2001 19:27
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Re[2]: topics about firewalls : always if YOU are running a private & pu...

Well some people may not agree with me on this but a HARDWARE firewall is
always better than software based.
Because hardware does most of the work, they are typically faster and more
efficient and less prone to break-throughs.
I have always thought of software based firewalls (Raptor, Checkpoint) as
very vulnerable due to the OS's they run on and the complexity in the
configuration leads to holes if you don't have a sharp engineer configuring it.
But that's my opinion so please no flames at me =)
Hurricane
