Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Proverbial appliance vs software based firewall

From: bmonkman () icsalabs com
Date: Mon, 14 Oct 2002 13:33:36 -0400
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- From a security point of view, that has been our experience at ICSA
Labs as well. There are plenty of reasons to consider an "appliance"
firewall over a "software based" firewall. But when it comes to
security, "appliance" firewalls do not have any advantage over
"software based" firewalls. There are plenty of vendors on both sides
that get it right. Just as there are vendors on both sides that get
it wrong.

And I won't get into the discussion on how to choose what is best for
you. One size definitely does not fit all. There are plenty of people
here much smarter then myself that have recently made excellent
suggestions on how to make that choice. A search of the Firewall
Wizards archive will help.

Best regards,

Brian Monkman
Firewall Programs Manager
ICSA Labs
1000 Bent Creek Blvd., Suite 200
Mechanicsburg PA 17050
Phone:717.790.8141  Fax:717.790.8170
www.icsalabs.com
PGP Key ID: 0x7E54D5CD



- -----Original Message-----
From: Marcus J. Ranum [mailto:mjr () ranum com]
Sent: Monday, October 14, 2002 1:16 PM
To: Dominic Malig; firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Proverbial appliance vs software based firewall


Dominic Malig wrote:

any updates on the
proverbial firewall appliance vs software firewall
'which is better' discussion(aside from the usuals re
hardened OS, cost, etc.)  


It amazes me that the topic comes up at all!!! :)

Inside every "appliance" is an operating system. Inside
every ASIC or "embedded processor" is software. There's
really no difference other than the packaging. I like
the "appliance" approach because it lets the vendor
guarantee a compatible and well-balanced hardware/software
solution. But it amazes me when someone says "well, it's
an appliance so it must be more secure/reliable/faster"
uh. no.

mjr.
- ---
Marcus J. Ranum                         http://www.ranum.com
Computer and Communications Security    mjr () ranum com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBPasA3qMpP5h+VNXNEQLEQgCgzpFta9syKrOlZA4Y9dn5XOVQrlgAn13Q
Tltpsq6AfgdbjLjrA39Satgn
=G84s
-----END PGP SIGNATURE-----

***********************************************************************
This message is intended only for the use of the intended recipient and
may contain information that is PRIVILEGED and/or CONFIDENTIAL.  If you
are not the intended recipient, you are hereby notified that any use,
dissemination, disclosure or copying of this communication is strictly
prohibited.  If you have received this communication in error, please
destroy all copies of this message and its attachments and notify us
immediately.
***********************************************************************

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: