I did not really have much experience with PIX or other hardware-based
firewalls, but the reasons you pointed out exist for software-based firewalls
as well. Updating is also easy on software firewalls. Regarding trojan horses,
well, there are many other exploits for all systems including Cisco; in
fact there was one sent to this mailing list in the past few days...
http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml So as
far as vulnerabilities go, they exist as long as hackers do... About having
two systems, I agree, but that depends on your budget. In fact having as
many secured gateways as you can is the best thing you can do, but then
again a guest connecting with a laptop directly to your network (switch)
has direct access. I would consider other security fields such as IDS...

TheOg

-----Original Message-----
From: Jochen Kaiser [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 4:27 PM
To: Shaun Prince
Cc: [EMAIL PROTECTED]
Subject: Re: Hardware Firewall vs Software Firewall


On Thu, Sep 13, 2001 at 03:11:01PM -0700, Shaun Prince wrote:
> Could anyone explain to me why most people prefer to use software firewalls
> as opposed to using hardware firewalls?
>
> I have had a few comments from other sys admins that give me the "why the
> hell would you do that?" speech.
>
> I was particularly looking at the Netgear RT311 (http://www.netgear.com)
> which looks like a pretty secure firewall.



1. you cannot say "the firewall". A good secured gateway between two
networks should consist of at least two different systems, so that the
same bug or failure cannot compromise both systems.

2. I personally prefer plain ciscos as firewalls. reasons:
   - try to start a hostile process on a cisco router....
      much harder on a cisco than on a host
      ... try to trojan horse it ...
   - updating is very easy
   - better network performance than on an ordinary fw

3. another strength is hardening: a cisco is easier to get
   secured than a host.

cheers
Jochen
--
Dipl. Inf. Jochen Kaiser, GPG 0x3C93A870, phone +49 9131 85-28134
Network Administration  mailto:[EMAIL PROTECTED]
Regionales Rechenzentrum Universitaet Erlangen-Nuernberg, Germany
GPG public key: http://www.uni-erlangen.de/~unrza2/public_key.txt
