> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, July 06, 2001 2:02 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: Hardware or Software
>
>
> According to Ben Nagy:
> >
> >Heh - that was why I said that I don't think it's a
> practical idea. I can't
> >see that it's possible. ALGs need to write stuff off to disk to work
> >properly, and the memory footprint and code complexity of an
> ALG is probably
> >too great to convert to a chip.
> >
>
> This is all bogus.
No, it's theory. The distinction is subtle, but important.
> You cannot put a firewall policy into
> hardware... full stop.
I think you're confusing impractical with impossible.
> You would have a "one size fits all" box that
> would not reflect the sites security policy at all. Unless you can
> cut the chip yourself and whack it in there is no way you can change
> the policy which is not going to work for most set ups.
PROMs, which can be blown as part of the original site config.
> If you want a real hardware firewall just let me duck out the back and
> araldite a couple of rj45 connectors to a brick[...]
That would never work. Bricks aren't 19 inches wide.
> Brett Lymn, Computer Systems Administrator, BAE SYSTEMS
Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
