I don't know if anyone has addressed this yet, but most of the reason
for choosing a hw firewall over a sw one is purely throughput. A
software firewall, while more robust and much more configurable (for
things like mail filtering), takes a lot more time to pass packets than
a hardware firewall, and as such cannot handle the sheer load or
bandwidth utilization that a hw one can. Think of a hardware firewall,
such as the PIX, as a glorified router with specialized Access Control
Lists, hence the reason for it being faster.

My .02,
Mickey

-----Original Message-----
From: Luke LeBoeuf [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 19, 2001 11:42 AM
To: 'satyam'; [EMAIL PROTECTED]
Subject: RE: Hardware Firewall vs Software Firewall


Hardware with proprietary IOS.

Luke S. LeBoeuf

Riptech, Inc.
Real-Time Information Protection
(c)703.593.6127
(e)[EMAIL PROTECTED]
http://www.riptech.com/


-----Original Message-----
From: satyam [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 19, 2001 1:51 AM
To: [EMAIL PROTECTED]
Subject: Re: Hardware Firewall vs Software Firewall

Hi
what is Cisco PIX
a s/w or h/w firewall?

regards
dp-newbie

----- Original Message -----
From: Leytens Francois X. <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; Shaun Prince <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: 18 September 2001 13:48
Subject: RE: Hardware Firewall vs Software Firewall


Hi all,

About this ambiguous subject, my experience is that:

A software firewall is set on an OS and often, the OS presents more
security holes than any software firewall. The other fact is that one of
the simplest info to get is the OS brand and version and therefore it
is very easy to check all vulnerabilities about that OS. You must then
secure your OS and then install your firewall and secure it. You need to
upgrade both OS and firewall as well as maintaining both. The fact that
a software firewall is cheaper is true but don't forget to add the
hardware price and the OS license. Also, the IP stack with all the
networking hardware on the computer might give you limitations.

A hardware firewall usually works closer to the hardware and most of the
time is integrated into the hardware OS. Often, this OS is unknown and
hard to attack (I said often and not all the time). When you need to
patch your firewall, the patches are very often (again) for both OS and
firewall and you don't need to care about patches for one or the other.
In this case, the networking hardware and the IP stack are often better
and more integrated.

You can even work with a mix of the two (like the Nokia one) which is a
dedicated hardware with a dedicated OS (based on BSD) and with a
Checkpoint licence installed on it. In this case the upgrade and
maintenance are still the same as the hardware box but working with a
software product.

In my point of view, the most critical point to check to make your
decision is the throughput you need across your firewall.

Hope this can help

regards

Francois X. LEYTENS

********************************
Francois X. LEYTENS
Director - Engineer
SEDELEC SA VALAIS
Rue du Chemin de Fer 24
Case Postale 16
1958   St Leonard
--------------------------------
Tel :    +41 27 205 6000
Direct : +41 27 205 6002
Mobile : +41 79 205 6002
Fax :    +41 27 205 6001
Email :  [EMAIL PROTECTED]
********************************

> -----Original Message-----
> From: Devdas Bhagat [SMTP:[EMAIL PROTECTED]]
> Date: Saturday, 15 September 2001 08:35
> To: Shaun Prince
> Cc: [EMAIL PROTECTED]
> Subject: Re: Hardware Firewall vs Software Firewall
>
> On Fri, 14 Sep 2001, Shaun Prince spewed into the ether:
> > Could anyone explain why most people prefer to use software
> > firewalls as opposed to using hardware firewalls?
> At some point, your firewall is software. If it was purely hardware,
> you would not be able to configure it in any way other than the default
> settings. The benefit of a hardware (or rather firmware) based
> firewall is that most work is done very close to the hardware, as
> opposed to the usual software firewall which runs on an OS, or in an
> OS kernel. The biggest advantage of a software firewall is that it is
> cheaper, and easier to upgrade and maintain than a hardware firewall.
> My recommendation would be to go with what you can secure properly and
> fits in your budget.
>
> Devdas Bhagat
> --
> Power corrupts.  And atomic power corrupts atomically.
