Devdas Bhagat ha escrito:
> On Wed, 02 May 2001, Hiemstra, Brenno spewed into the ether:
> > An OS where a hardware based firewall runs on isn't
> > like the same as an OS that runs on a SUN.
> An OS is an OS. There have been plenty of issues with IOS and other
> such OSs as well (See BUGTRAQ). If you want a secure machine, try
> OpenBSD or a Trusted *nix, or something better for your firewall.
Not ony this, "hardware" firewalls could be more complicated to update
in the event of a security issue (Everybody knows how to apply a patch
to *nix, or at least they know where to search... how many of you know
how to apply a "patch" to IOS? You've to reload a full IOS image).
> > You must do a lot more effort on securing Solaris
> > then on an OS that runs on a PIX or Nokia.
> More work for Solaris, how much for OpenBSD?
More over... if you harden an OS, you know what exactly are you opening
and closening... Do you know what *exactly* the vendor are closing
when they give you a box?
> Not flame, but the biggest advantage hardware firewalls have is their
> speed.
And not always... sometimes a good tuned machine could do a better
job than a "hardware firewall".
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
