Firewall Wizards mailing list archives

Re: Proverbial appliance vs software based firewall


From: Gary Flynn <flynngn () jmu edu>
Date: Tue, 15 Oct 2002 12:27:49 -0400

Anton Aylward wrote:

On Tue, 2002-10-15 at 00:26, Jared Valentine wrote:

While it is correct that all security comes down to "software" at some
point, I would argue that hardware is much more secure.  The difference
between the two is that the hardware manufacturer can build off of a trusted
base/OS.  They can look at the OS line by line and strip out everything not
essential for the operating of that firewall.

So could some customers and they could do it with their specific 
needs in mind.

I think that you "DON'T GET" Marcus's comment.
Hardware in this sense is still software - embedded systems.
Nothing in the Gartner paper contradicts that.

Another way of looking at it is the difference between software
installed and configured by the vendor vs software installed
and configured by the customer...or maybe even proprietary vs
open source (sorry, couldn't resist).

The effectiveness probably depends on the needs and capabilities
of the target market. I'm sure NSA would like the opportunity
to inspect and tune their own kernel and OS configuration while 
a small company consisting mostly of web developers would rather 
leave that chore to the vendor (and therefore trust them with
their security).

One could make similar arguments either way for "appliance" web 
servers, mail servers, or other turn-key systems.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

