Firewall Wizards mailing list archives
Re: Firewall: dedicated equipament x Unix workstation
From: "Ryan Russell" <ryanr () sybase com>
Date: Fri, 2 Oct 1998 17:19:43 -0700
Yes, it's true that some people believe that. :) Seriosuly though, there's no technical reason that dedicated hardware will allways be automatically more secure that a unix workstation. There's also two ways (at least) to consider the security.. Security considerations of stuff passing through a firewall, and security of the box itself on the network. When considering stuff passing through a box, it's equally easy to write a bad firewall on either platform. As for the box being secure as an endpoint, there are still arguements both ways. I would claim that a less functional OS *should* have less to attack, and could gain some extra security that way, but I've also seen black boxes with real fundamental mistakes that the unix guys caught 10 years ago. Also, unix has the massive advantage of open source review for certain versions, and black boxes most always have something proprietary. It's also generally better understood how to lock down a unix box. Also keep in mind that the obscured OS in the black box is often a unix of some sort anyway. You really want to choose the firewall based on how well it handles your required protocols, though. The question you pose should only come up when you have already chosen a firewall, and have to pick the platform to run it on. In that case, pick the OS you know best, or factor in the primary development platform, or something along those lines. Ryan Hi, Some people believe that firewalls running in a dedicated network device are more secure than the ones running on a generic Unix workstation. Is that true, a myth or just a matter of taste? Best regards, Carlos Bauer
Current thread:
- Firewall: dedicated equipament x Unix workstation Carlos Henrique Bauer (Oct 02)
- Re: Firewall: dedicated equipament x Unix workstation David Bonn (Oct 05)
- Re: Firewall: dedicated equipament x Unix workstation Joseph S. D. Yao (Oct 05)
- <Possible follow-ups>
- Re: Firewall: dedicated equipament x Unix workstation Ryan Russell (Oct 05)
- RE: Firewall: dedicated equipament x Unix workstation Gary Crumrine (Oct 05)
- RE: Firewall: dedicated equipment x Unix workstation Frank Willoughby (Oct 06)
- Re: Firewall: dedicated equipament x Unix workstation Matthew Patton (Oct 13)
- Re: Firewall: dedicated equipament x Unix workstation sedwards (Oct 14)