Firewall Wizards mailing list archives

Re: Hardware vs. Software firewall reliability


From: Vin McLellan <vin () shore net>
Date: Thu, 9 Sep 1999 04:05:02 -0400

        Bill Stout wrote:

> What is the current feel of hardware vs. software firewalls?

        Marcus J. Ranum wrote:

> I figure in a few years firewalls, intrusion detection systems,
> and most dedicated servers will be appliances -- unless there
> remains a large corps of dedicated folks who _enjoy_ screwing
> around with operating systems. (I mean, I _enjoy_ it, but as a
> hobby, not part of my job. My job is to make things work, and
> fiddle-ware isn't attractive to senior management in most places
> anymore)

        There was a time when every electric motor had a specialist called
an engineer assigned to support it. Now, it would be a very unusual car
owner who had the faintest idea how many electric motors are built into his
vehicle.

        Economics and the attractiveness of a narrowly dedicated
functionality push us in the same direction. Did you notice the
single-chip "iPic" webserver announced recently -- with an estimated cost of
manufacture less than $1?

        The more limited the functionality (smaller, cheaper), the lower the
value of programmability -- that is, the lower the demand for access (and
flexibility) in the program. You may change the time on your standard
electronic watch, but you are not going to learn to reprogram it.

        Also, the earlier the function of a device is bound into it, the
more resistant it typically is to corruption (e.g., virus, worm, or Trojan
Horse attacks) or other types of interference.

        Bill Murray of Deloitte preaches about this. With reference to the
single-chip web server, he wrote:

> Note that the hardware for the iPic already costs less than a
> dollar; the value is in the software. However, while the unit cost
> of the hardware is constant (at least in the short term), the unit
> cost of the software falls with the number of units. In the
> long run, the value is not in the hardware (container, substrate,
> structure, as you will) or software (function) but in the data.

        Suerte,
                        _Vin
