I agree wholeheartedly with Phil's opinion, but would add one note. The only case in my opinion which justifies speed over security is very high-bandwidth applications, such as a certain place I know that contains 36,000 nodes behind its firewalls. Still, you must weigh the need for security against the need for speed, and security should *always* win.
Mickey

-----Original Message-----
From: Phil Kramer [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 8:23 PM
To: [EMAIL PROTECTED]
Subject: Re: Hardware Firewall vs Software Firewall

My personal opinion is not hardware vs software, but what firewall is most secure. You can talk about PIX, CheckPoint, Linux with IPtables, IPchains and IPfilters, but from a security point of view a pure application proxy is more secure. How many people can notice a 20 ms pause? If you want speed, get a router with ACLs; that's what PIX is. All these stateful inspection/packet filter technologies work at too low a level (layers 2-4) to provide enterprise security. For web servers, mail servers etc. you need layer 7 checking.

Phil Kramer, SANS GSEC
Systems Solutions Technologies, LLC
Phone: 615-646-5766
email: [EMAIL PROTECTED]