Security Basics mailing list archives

RE: Software/Hardware Firewall


From: "Jon Pastore" <jpastore () idetech net>
Date: Thu, 17 Apr 2003 13:42:47 -0400

Yes you are correct...goes back to Cisco is really a software company
selling their IOS on their hardware...I was trying to say the
difference between iptables on a Linux box or a device devoted to just
firewalling like a WatchGuard or the like...

Jon Pastore, President
IDE Tech, Inc.
(954) 360-0393 Office
(954) 428-0442 Fax



-----Original Message-----
From: thedistance [mailto:thedistance () 1thedistance com] 
Sent: Thursday, April 17, 2003 1:22 PM
To: jpastore () idetech net
Cc: security-basics () securityfocus com
Subject: Re: Software/Hardware Firewall


Actually, correct me if I'm wrong, but all firewalls are software. It's
just some are packaged with specific hardware packages. This is true for
Cisco Pix, Netscreen, and I believe the Watch Guard as well as others.
The only difference is that the software is customized for specific
hardware and the software has limited interaction with the end user. A
hardware firewall would be a dangerous beast since once an exploit is
found you would have to purchase a new device or send it in to be
refitted. I believe the differences are more clearly expressed in terms
of "Prepackaged Firewall" and "Build your own Firewall"


td


I've never cared about hardware versus software, as long as the job got done.
I mean technically you would have fewer problems with hardware (someone's
going to flame me for that) the reason I say this is I have a Dell
server using iptables with 2 NICs and you would think everything would
be fine...well the driver that kudzu picked was deprecated by Red Hat
and I had this problem where something got overflowed or hung
...whatever... and iptables said I can't deal with this let the packets
FLOW...all goes back to this deprecated driver...if it's deprecated
remove it...I understand leaving in nslookup but drivers? Come on that
was a potential bad problem that we were lucky we found first...

Anyway we're purchasing a Watch Guard Firebox 1000 this thing seems
pretty kewl...

Jon Pastore, President
IDE Tech, Inc.
(954) 360-0393 Office
(954) 428-0442 Fax



On 4/16/03 2:43 PM, "Jon Pastore" <jpastore () idetech net> wrote:

security-basics () securityfocus com

--
thedistance 


