Speed. A good wireline firewall doesn't impede data speed. Security. Running your firewall as a separate physical device adds a layer of protection.
But neither of these are limited to this notion of "software" and "hardware" firewalls. For example, we run Netscreen "hardware" firewalls because they're extremely reliable and extremely fast...and very reasonably priced. Entry level is about US$500. However...if you had the budget to run Firewall-1, go for it. It's consistently written up as one of the best firewalls around. But it's a software package - you run it on a PC. Of course - the idea is you run it on a dedicated PC. Now the Netscreen could be considered "hardware" whereas Firewall-1 could be considered "software". The truth is these terms depend on what's being discussed. It is certainly NOT the case (as was previously mentioned) that software firewalls are inherently more insecure than hardware firewalls - using Firewall-1 as the example. But again, that gets back to my point of the issue being dependent on how you look at it. -----Original Message----- From: Kola Oyedeji [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 22, 2002 3:16 AM To: CF-Server Subject: RE: Firewall Software HI I dont know much about firewalls so forgive me if this sounds like a stupid question but what measures do hardware firewalls put in place that software firewalls cannot? Thanks > >-----Original Message----- > >From: Jim McAtee [mailto:[EMAIL PROTECTED]] > >Sent: 21 September 2002 18:16 > >To: CF-Server > >Subject: Re: Firewall Software > > > > > >----- Original Message ----- > >From: "Adam Reynolds" <[EMAIL PROTECTED]> > >To: "CF-Server" <[EMAIL PROTECTED]> > >Sent: Friday, September 20, 2002 6:47 AM > >Subject: RE: Firewall Software > > > > > >> Can we keep this on topic! > >> > >> I am looking for a software solution, not hardware. :) > >> > >> Personal recommendations of Software Firewalls only and those > >that don't > >> shut everything down when they first start up as I will lose > >contact with > >> the remote server. > > > >IMO, software firewalls on servers are nigh on useless. A web server > >is most likely to be taken conrol of through a port 80 exploit, and > >if you have any > >idea what you're doing, you won't be running services listening on any > >unnecessary ports anyway. You can repel a few DoS attacks (SYN floods, > >perhaps), but by the time a DoS attack makes it all the way to > >the server, you > >can't do much to stem the flood. With a software firewall, once > >an attacker > >has control of machine, he also has control of the firewall and > >probably the > >firewall's logs. Game over. > > > >The inexpensive hardware firewalls out there are getting better and a > >little (or a lot) faster every day. Check out the ZyWALL 10II. A > >nice little firewall for under $300. > > > >Jim > > > > ______________________________________________________________________ Get the mailserver that powers this list at http://www.coolfusion.com ------------------------------------------------------------------------------ To unsubscribe, send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
