Firewall Wizards mailing list archives
RE: Proverbial appliance vs software based firewall
From: "Jared Valentine" <hidden () xmission com>
Date: Mon, 14 Oct 2002 22:26:36 -0600
John Pescatore (VP @ Gartner) wrote a good report/article on just this subject. "Software security is soft security: Hardware is required." I'm sure you can make your own assumptions based on the title of the article. :) The paper is probably one you must pay for @ Gartner, but I was able to pull up a cache on it from Google: http://www.google.com/search?q=john+pescatore+%22soft+security%22&btnG=Googl e+Search&hl=en&lr=&ie=UTF-8&oe=UTF-8 Go to the 2nd link and click on "Cached". You can find the full text of the article. A direct link to the cached article is here (sorry for the long link): http://216.239.35.100/search?q=cache:31DW9ISP6pwC:builder.com.com/printerfri endly.jhtml%3Fid%3Dr00720020626jdt01.htm+john+pescatore+%22soft+security%22& hl=en&ie=UTF-8 I especially liked the quote: "Throwing more security software at a security problem that is caused by the essentially insecure nature of software is like going to a blind barber-it can only end badly and, more likely than not, bloodily." While it is correct that all security comes down to "software" at some point, I would argue that hardware is much more secure. The difference between the two is that the hardware manufacturer can build off of a trusted base/OS. They can look at the OS line by line and strip out everything not essential for the operating of that firewall. A software firewall doensn't enjoy the same operating environment. It lies on top of an inheriently unsecure general purpose operating system (ie; Windows), and therefore is subject to all of the vulnerabilities of that operating system. In recent weeks, bugbear has made the rounds. Bugbear was quite different than many viruses out there in that it disables software firewalls and antivirus software. I'm not recommending that anyone go without a software firewall or antivirus, but your best bet defense will be hardware if you wish to ultimately rely upon that solution. This hardware can be an external firewall appliance, or a PCI/PC Card firewall device located in the Server/Desktop/Laptop. With this in light, the future looks interesting with things like TCPA/Palladium. What if you could actually trust the operating system?! Jared Valentine hidden () xmission com -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Dominic Malig Sent: Monday, October 14, 2002 8:37 AM To: firewall-wizards () honor icsalabs com Subject: [fw-wiz] Proverbial appliance vs software based firewall Hi to all, Given topics discussed here, I am quite sure that this was discussed before -- but any updates on the proverbial firewall appliance vs software firewall 'which is better' discussion(aside from the usuals re hardened OS, cost, etc.) Would also appreciate comprehensive links so that I can refer to them as sources... Thanks a lot! __________________________________________________ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Proverbial appliance vs software based firewall Dominic Malig (Oct 14)
- Re: Proverbial appliance vs software based firewall Marcus J. Ranum (Oct 14)
- Re: Proverbial appliance "Its software, Jim!" Anton Aylward (Oct 17)
- Re: Proverbial appliance "Its software, Jim!" Paul D. Robertson (Oct 17)
- Re: Proverbial appliance "Its software, Jim!" Mike Frantzen (Oct 17)
- Re: Proverbial appliance "Its software, Jim!" Stephen D. B. Wolthusen (Oct 17)
- Re: Proverbial appliance "Its software, Jim!" Marcus J. Ranum (Oct 26)
- Re: Proverbial appliance "Its software, Jim!" Anton Aylward (Oct 17)
- Re: Proverbial appliance vs software based firewall Marcus J. Ranum (Oct 14)
- Re: Proverbial appliance vs software based firewall Mikael Olsson (Oct 14)
- RE: Proverbial appliance vs software based firewall Jared Valentine (Oct 15)
- RE: Proverbial appliance vs software based firewall Anton Aylward (Oct 15)
- Re: Proverbial appliance vs software based firewall Gary Flynn (Oct 15)
- Re: Proverbial appliance vs software based firewall Anton Aylward (Oct 15)
- Re: Proverbial appliance vs software based firewall Ryan M. Ferris (Oct 15)
- Re: Proverbial appliance vs software based firewall Volker Tanger (Oct 16)
- Re: Proverbial appliance vs software based firewall Christopher Hicks (Oct 16)
- Re: Proverbial appliance vs software based firewall Paul D. Robertson (Oct 16)
- Re: Proverbial appliance vs software based firewall Bennett Todd (Oct 16)
- Message not available
- Re: Proverbial appliance vs software based firewall Marcus J. Ranum (Oct 26)
- RE: Proverbial appliance vs software based firewall Anton Aylward (Oct 15)
- Re: Proverbial appliance vs software based firewall Marcus J. Ranum (Oct 26)