Re: Proverbial appliance vs software based firewall

[Mikael Olsson <mikael.olsson () clavister com>]

Dominic Malig wrote:
> [...] appliance vs software firewall 'which is better' [...]

Given that we tout both software packages and appliances, I think I 
can authoratively say that there is virtually zero difference between 
the concepts.  For _our_ stuff, the only difference is that we know 
beforehand that the software works reasonably well with the hardware.

So, a generalistic discussion about software/appliance is
pretty much a moot point.

Now, if you want to discuss pros and cons of software/appliance for
specific firewall vendors, I'm sure we can come up with more 
interesting points.  For instance, I believe that most people will
get a more secure solution if they buy FW-1 on a Nokia box, rather
than setting FW-1 up on Solaris, or (horror!) NT for that matter.
Why?  I believe Nokia does a good job of hardening their boxes; likely
a better job than most people can do hardening Solaris/NT boxes. That is 
not to say that someone really clueful can't harden a Solaris box better, 
given enough time, but that's generally speaking not the case.

On the other hand, I'd say that f.i. FW-1/Gauntlet/Raptor on NT has 
better chances of securing your network properly than, for instance,
a "Netgear broadband router with firewall functionality", even though 
the latter is an appliance.


... want me to keep ranting? :)

/Mikael

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

"Senex semper diu dormit"
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards