Cisco is using the PIX software on it's 'network appliance' firewall. I have
seen PIX used on a NOKIA firewall. very powerful firewall rulesets. enjoy
learning how to configure them!
>From: "satyam" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: Re: Hardware Firewall vs Software Firewall
>Date: Wed, 19 Sep 2001 11:20:48 +0530
>
>Hi
>what is Cisco PIX
>a s/w or h/w firewall?
>
>regards
>dp-newbie
>
>----- Original Message -----
>From: Leytens Francois X. <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>; Shaun Prince <[EMAIL PROTECTED]>
>Cc: <[EMAIL PROTECTED]>
>Sent: 18 September 2001 13:48
>Subject: RE: Hardware Firewall vs Software Firewall
>
>
>Hi all,
>
>About this ambiguitus subject, my experience is that :
>
>A software firewall is set on an OS and often, the OS present more security
>holes than any software firewall. The other fact is that one of the
>simpliest info to get is the OS brand and version and therefore it is very
>easy to check all vulnerabilities about that OS. You must then secure your
>OS and then install your firewall and secure it. You need to upgrade both
>OS
>and firewall as well as maintaining both. The fact that a software firewall
>is cheaper is true but don't forget to had the hardware price and the OS
>license. Also, the IP stack with all the networking hardware on the
>computer
>might give you limitations.
>
>A hardware firewall usually work closer to the hardware and most of the
>time
>is integrated to the hardware OS. Often, this OS is unknown and hard to
>attack (I said often and not all the time). When you need to patch your
>firewall, the patch are very often (again) for both OS and firewall and you
>don't need to care about patches for one or the other. In this case, the
>networking hardware and the IP stack are often better and more integrated.
>
>You can even work with a mix of the two (like the nokia one) which is a
>dedicated hardware with a dedicated OS (based on BSD) and with a checkpoint
>licence install on it. In this case the upgrade and maintenance are still
>the same as the hrdware box but working with a software product.
>
>In my point of view, the most critical point to check to make you decision
>is the thruput you need across your firewall.
>
>Hope this can help
>
>regards
>
>Francois X. LEYTENS
>
>********************************
>Francois X. LEYTENS
>Directeur - Ingénieur
>SEDELEC SA VALAIS
>Rue du Chemin de Fer 24
>Case Postale 16
>1958 St Leonard
>--------------------------------
>Tel : +41 27 205 6000
>Direct : +41 27 205 6002
>Mobile : +41 79 205 6002
>Fax : +41 27 205 6001
>Email : [EMAIL PROTECTED]
>********************************
>
> > -----Message d'origine-----
> > De: Devdas Bhagat [SMTP:[EMAIL PROTECTED]]
> > Date: samedi, 15. septembre 2001 08:35
> > À: Shaun Prince
> > Cc: [EMAIL PROTECTED]
> > Objet: Re: Hardware Firewall vs Software Firewall
> >
> > On Fri, 14 Sep 2001, Shaun Prince spewed into the ether:
> > > Could anyone explain to why most people prefer to use software
>firewalls
> > as
> > > opposed to using a hardware firewalls?
> > At some point, your firewall is software. If it was purely hardware,
> > you would not be able to configure it in anyway other than the default
> > settings. The benefits of a hardware (or rather firmware) based
> > firewall is that most work is done very close to the hardware, as
> > opposed to the usual software firewall which runs on an OS, or in an OS
> > kernel.
> > The biggest advantage of a software firewall is that it is cheaper, and
> > easier to upgrade and maintain than a hardware firewall.
> > My recommendation would be to go with what you can secure properly and
> > fits in your budget.
> >
> > Devdas Bhagat
> > --
> > Power corrupts. And atomic power corrupts atomically.
>
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
