Way to go Nigel,
That's how I separate the 2 species. A special hardware that comes
preconfigured to be a firewall doesn't necessarily mean it's not a good
firewall.
Let's go back to Netscreen for example. Ok, it has a GUI interface for the
end-user. But you know what, a firewall should never be configured by a
typical end-user so if your company uses that kind of personnel as their
security expert, it's their fault, not the device. The GUI features just make
things easier to configure.
And for the CLI gurus, there will always be support for command line
interface which in turn will always provide more features not available
through GUI.
For the OS-minded people, you have to build the system so you need working
knowledge in that particular area. Configure and harden the system, ADD
another NIC card to make it a Multi-Homed Machine and configure
Packet-Forwarding.
Always stay up to date on latest patches for the Firewall AND the OS.
In my opinion there is just too much involved to set up a firewall that
way.
Don't get me wrong, I have set up many OS Firewalls and they do their jobs
well, I just personally prefer the hardware devices.
As for the comment on bugs with ASICs, yes that is absolutely true.
But there are bugs with Firewalls, OS and maybe even NIC card drivers that
you have to keep up with compared to software based...



Hurricane
