On Mon, 2003-07-07 at 09:30, Bryan S. Sampsel wrote:
> (snipped for brevity)
> 
> Keith A. Glass wrote:
> > -----Original Message-----
> <snip>
> > 
> > 
> > I admit to a prejudice towards firmware-based firewalls, only because the
> > underlying OS's of an OS-based firewall may or may not be properly hardened.
> 
> <snip>
> 
> Likewise, some idiot can (and I've seen this happen) create a wide-open 
> ACL on a PIX firewall.  Doesn't make the box the problem.  Means it was 
> misconfigured and not hardened enough.
> 
> bryan
<snip some good points>

While I agree anything can be misconfigured, I think the point Bryan was
trying to make is that most reasonable people will assume a software
based firewall comes on an already hardened OS.  They wouldn't
intuitively know that they need to harden the OS themselves (and after
all, is that why you buy a firewall instead of build one?).

You can misconfigure a software or firmware based firewall, but at least
the firmware firewalls come pre-hardened so you can concentrate on
writing rules and not worry so much about the fundamental security of
the platform.

my $0.02

--
Brian Keefer

