Nigel,
#A "SOFTWARE" firewall gets the thumbs down because it requires the
additional
#step of getting a machine, installing an OS, hardening it, and then
installing the
#product. Of course, when considering the hardware the capacity of the
machine
#has to be considered so that HurricaneIndy's comment about
speed/efficiency
#may or may not hold true.
There are software firewalls out there that come with the OS already
hardened depending on your definition of hardened. Both the Sidewinder and
the Cyberguard come with the firewall already integrated into the OS and
both have mandatory access controls built-in to prevent attacks and
minimize the area of control if an attack succeeds. You also have the
Checkpoint Firewall-1 on the Nokia platform which is definitaly a software
firewall. With any of these three firewalls all you really need to do is
pop a cd in the cd-rom and install it. After that you just need to
configure your ACL list which you still have to do in a hardware firewall
anyway. There are plenty of so-called hardware firewalls that just run
Linux under the hood too.
Regards,
Jeffery Gieser
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
