Firewall Wizards mailing list archives

Re: Firewall: dedicated equipament x Unix workstation


From: "Ryan Russell" <ryanr () sybase com>
Date: Fri, 2 Oct 1998 17:19:43 -0700


Yes, it's true that some people believe that. :)

Seriously though, there's no technical reason that dedicated
hardware will always be automatically more secure than a
unix workstation.

There are also two ways (at least) to consider the security: security
considerations of stuff passing through a firewall, and security of
the box itself on the network.

When considering stuff passing through a box, it's equally easy
to write a bad firewall on either platform.

As for the box being secure as an endpoint, there are still arguments
both ways.  I would claim that a less functional OS *should* have
less to attack, and could gain some extra security that way, but
I've also seen black boxes with real fundamental mistakes that
the unix guys caught 10 years ago.  Also, unix has the massive advantage
of open source review for certain versions, and black boxes most always
have something proprietary.

It's also generally better understood how to lock down a unix box.

Also keep in mind that the obscured OS in the black box is often
a unix of some sort anyway.

You really want to choose the firewall based on how well it handles
your required protocols, though.  The question you pose should only
come up when you have already chosen a firewall, and have to
pick the platform to run it on.  In that case, pick the OS you know
best, or factor in the primary development platform, or something
along those lines.

                    Ryan








Hi,

Some people believe that firewalls running in a dedicated network
device are more secure than the ones running on a generic Unix
workstation.

Is that true, a myth or just a matter of taste?

Best regards,

Carlos Bauer






