Firewall Wizards mailing list archives

RE: Proverbial appliance vs software based firewall


From: "Jared Valentine" <hidden () xmission com>
Date: Mon, 14 Oct 2002 22:26:36 -0600

John Pescatore (VP @ Gartner) wrote a good report/article on just this
subject.  "Software security is soft security: Hardware is required."  I'm
sure you can make your own assumptions based on the title of the article.
:)  The paper is probably one you must pay for @ Gartner, but I was able to
pull up a cache on it from Google:

http://www.google.com/search?q=john+pescatore+%22soft+security%22&btnG=Google+Search&hl=en&lr=&ie=UTF-8&oe=UTF-8

Go to the 2nd link and click on "Cached".  You can find the full text of the
article.  A direct link to the cached article is here (sorry for the long
link):

http://216.239.35.100/search?q=cache:31DW9ISP6pwC:builder.com.com/printerfriendly.jhtml%3Fid%3Dr00720020626jdt01.htm+john+pescatore+%22soft+security%22&hl=en&ie=UTF-8

I especially liked the quote:

"Throwing more security software at a security problem that is caused by the
essentially insecure nature of software is like going to a blind barber - it
can only end badly and, more likely than not, bloodily."

While it is correct that all security comes down to "software" at some
point, I would argue that hardware is much more secure.  The difference
between the two is that the hardware manufacturer can build off of a trusted
base/OS.  They can look at the OS line by line and strip out everything not
essential for the operating of that firewall.

A software firewall doesn't enjoy the same operating environment.  It lies
on top of an inherently unsecure general purpose operating system (i.e.,
Windows), and therefore is subject to all of the vulnerabilities of that
operating system.

In recent weeks, Bugbear has made the rounds.  Bugbear was quite different
than many viruses out there in that it disables software firewalls and
antivirus software.  I'm not recommending that anyone go without a software
firewall or antivirus, but your best bet defense will be hardware if you
wish to ultimately rely upon that solution.  This hardware can be an
external firewall appliance, or a PCI/PC Card firewall device located in the
Server/Desktop/Laptop.

With this in light, the future looks interesting with things like
TCPA/Palladium.  What if you could actually trust the operating system?!

Jared Valentine
hidden () xmission com



-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Dominic
Malig
Sent: Monday, October 14, 2002 8:37 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Proverbial appliance vs software based firewall


Hi to all,

Given topics discussed here, I am quite sure that this
was discussed before -- but any updates on the
proverbial firewall appliance vs software firewall
'which is better' discussion(aside from the usuals re
hardened OS, cost, etc.)  Would also appreciate
comprehensive links so that I can refer to them as
sources...

Thanks a lot!



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

