"Leythos" <void@nowhere.lan> wrote in message
news:MPG.1d7781f7b28405e9989d0c@news-server.columbus.rr.com...
In article <xjiPe.32351$d5.187191@newsb.telia.net>, ralphot@telia.com
says...
> Volker Birk wrote:
> > Ralph Höglund <ralphot@telia.com> wrote:
> >
> >>What is the difference between a "hardware firewall" and
> >>a "software firewall"?
> >
> >
> > The latter is sold without the hardware, where it's running.
> >
> > Yours,
> > VB.
> So, a router with firewall incorporated is a "Hardware firewall" then, or?
> There is really not any particular difference after all?
A Firewall that acts as a router is not the same as a router with
firewall features - notice the difference?
Both are appliances, so both are hardware devices. Generally anything
that is a dedicated appliance, used for nothing else, is considered a
"Hardware Firewall". Generally that excludes a PC running an application
that is also used to run anything other than that application.
> I mean if you buy a firewall box, the firewall is after all software.
Not quite the same, it's firmware. Firmware is software, but it's not
anything like running an application on a non-dedicated box.
> So you mean that it is merely a definition of how it is packaged,
> not how good it is to protect.
Actually, both - a firewall appliance is a device specifically
set up/coded to do ONE thing and it does it very well. It's specifically
tested to do that one thing and often certified as being able to do that
one thing under all sorts of conditions. As an example, a firewall
running a BSD solution does not run ALL of the BSD solution, only the
parts necessary to act as the firewall and run the firmware coded by the
vendor.
Firewalls (appliances) are also built with less code than a Computer
running an OS and then running a firewall Application. So you have less
chance for error, less chance for exploits, less chance for something to
"slip by" the designers.
> Why I am asking is that many people talk about "hardware firewall"
> as a better solution than the software alternative.
Now you know, and it's 100% true.
> In my opinion it must depend on how the software is configured,
> good filtering with stealthed ports and other security functions and so
> on.
Nope, hope you understand now why an application running on a PC is not
as secure as an Appliance, and why none of us trust a Firewall
application running on a Non-Dedicated computer.

How secure a software firewall is will depend on
what it can do. With my software firewall solution,
it is quite flexible, as to be able to block by application
running on the NAT box. It depends on what it can do,
and how well the administrator knows how to run it.
Received on Thu Sep 29 20:05:08 2005