I doubt that any 100% hardware solution exists today, and I'm not
certain that such a thing, if possible, is necessarily desirable or
useful.

I think a more typical taxonomy divides the field into:

1. Hardware: Dedicated devices/appliances. Technically, this would
include both firewall boxes and firewall featuresets on dedicated
switch or router boxes.

2. Software: Driver-level and kernel-level software that adds
security to a general-purpose OS. Technically, this includes both
applications intended to turn generic hardware/OS into a dedicated
firewall box, and applications intended to run directly on a
host/client.

There are those who will object to FW-1 (on Solaris or NT...) and
ZoneAlarm both being lumped into the second category; there are those
who will object to a LinkSys router and a NetScreen box sharing the
first.

Note that there are both packet filters and proxies in the Software
category; while I know of no specific proxy products that fall into
the first category, there is no reason in principle that they could
not exist, and I suspect they do. So this does not exactly parallel
the packet filter vs. proxy taxonomy that is also commonly applied.

My rule of thumb: If a stranger can pick out the firewall by
looking, it's hardware. If it's not a separate box, or if it's a
generic "server" box that said stranger would need to be told was
running the firewall application, then it's software.

David Gillett

On 6 Jul 2001, at 11:59, Ben Nagy wrote:
> I think a better definition is that a "hardware based firewall" would need
> to run dedicated ASICs (or whatever) for all firewall functions.
>
> Anything that uses any kind of code that runs in read / writeable RAM is a
> software solution. And yes, that includes firewalls that boot from read-only
> media.
>
> Any other definition is sophistry. A Cisco PIX is no more "hardware" than a
> linux box running iptables.
>
> As far as I know there are no extant hardware based firewalls. None. Nil.
> Zip.
>
> Cheers,
>
> --
> Ben Nagy
> Network Security Specialist
> Marconi Services Australia Pty Ltd
> Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
>
> > -----Original Message-----
> > From: Steven Pierce [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, July 06, 2001 11:13 AM
> > To: Zachary Uram
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: zone alarme and udp 44767
> >
> >
> >
> >
> > Zachary,
> >
> > A hardware solution is one that is like a machine. So if you
> > took a router that had a firewall built into it
> > that would be a hardware solution. Anything that is
> > physically on your desk, etc. is hardware. Software is
> > anything installed on the machine, so zonealarm would be
> > software. Now you can have hardware and software also.
> > If you have Linux (Any Flavor) installed on an old 486 that
> > would be both hard and soft.
> >
> > Does that help??
> >
> > Steven
> >
> > If anyone on the list would like to add to this please do, or
> > if I am off base please let me know.
> >
> > S
> >
> > *********** REPLY SEPARATOR ***********
> >
> > On 7/4/2001 at 01:12 Zachary Uram wrote:
> >
> > >eh?
> > >what is a 'hardware solution'?
> [...]
>
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls