Firewall Wizards mailing list archives

Re: Layer 4 switch vs. firewall


From: Drew Simonis <dsimonis () fiderus com>
Date: Wed, 14 Feb 2001 23:21:04 -0500



"kince@hvbs" wrote:

Can anybody compare layer 3/4 switches w/ firewalls w/ stateful inspection
using the following criteria:


Apples and oranges here.  Meaning, you can't accurately compare the 
two things.  Switching, no matter what layer you work with, is not
really a security solution.  It is a speed solution.  Switching is 
a layer two sort of thing...  all about MAC addresses.  Layer three
switching is nothing special, just a clever term to discuss a hybrid
route/switch.  Here's a good paper on Layer 3 switching:

http://www.cisco.com/warp/public/cc/so/neso/lnso/cpso/l3c85_wp.htm

Layer 4 switching?  Ha!  Even cleverer!  The nuts and bolts of it are
simple... you can't switch at layer 4.  Layer 4 switching uses 
information from layer 4 to prioritize the traffic.  No security
benefit as far as I see it.  

You'll still need some sort of firewall, even with a segmented network.
Never count on a device designed to forward packets to act as your 
means of security.  IMHO, it's just bad math.