I agree.  The main features of the "hardware"
firewalls that interest me are the lack of a HD to
fail and the lack of a GP OS that has tools that can
be exploited if the machine is cracked.  Obviously
there is a tradeoff.  But a "hardware" PF like
NetScreen has a very limited set of tools for the bad
guy to exploit and he can't (very difficult) put his
own on the machine.

acs


--- Ben Nagy <[EMAIL PROTECTED]> wrote:
> Heh - that was why I said that I don't think it's a
> practical idea. I can't
> see that it's possible. ALGs need to write stuff off
> to disk to work
> properly, and the memory footprint and code
> complexity of an ALG is probably
> too great to convert to a chip.
> 
> If your question is "why can't we run an ALG that
> doesn't have a HDD" then
> that's different. Yeah, it would be kind of cool to
> run an ALG off RO media,
> but I'm not sure how much more secure it is than an
> ALG running off "normal"
> HDDs. There are only a limited number of attack
> vectors that you block, and
> they don't seem to be the most common / most
> dangerous (based on the couple
> of minutes I just spent thinking about it - I could
> be having a crazy
> moment, though). Technically, it's very doable - RAM
> is cheap enough now to
> have, say, a 1GB RAMdisk and boot off flash or a CD.
> 
> Cheers,
> 
> --
> Ben Nagy
> Network Security Specialist
> Marconi Services Australia Pty Ltd
> Mb: +61 414 411 520  PGP Key ID: 0x1A86E304 
> 
> > -----Original Message-----
> > From: acs [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, July 06, 2001 1:24 PM
> > To: Ben Nagy; 'Steven Pierce'
> > Cc: [EMAIL PROTECTED]
> > Subject: RE: Hardware or Software
> [...]
> > The
> > interesting question is when will full featured
> > application layer firewalls be running on "hardware"
> > like this.
> > 
> > acs
> [...]


_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
