Posted by Warren on April 4, 2005, 7:21 pm
James Knott wrote:
> Warren wrote:
>
>> While most people don't have systems that need real, heavy-duty
>> firewalls, a software firewall is simply a joke. This is especially true
>> when a NAT router will provide better protection for about the same, and
>> sometimes lower, cost than software firewalls.
>
> I think you'll find "hardware" firewalls are simply dedicated computers,
> running software, often Linux or Unix. Also, my firewall is an old PC,
> running Linux. Are you saying that IPTables on Linux is a joke?
Of course a "hardware" firewall is really a dedicated box running software.
But you're taking that paragraph out of the context of the message. The
context is that "software" firewall means software running on the same box
it's trying to protect, and "hardware" firewall means a separate piece of
hardware from the one being protected. Whether that separate box is a single
purpose microprocessor, or a microprocessor controlled by special purpose
software is not germane to the discussion. If you wish it to be, then put my
comment back into the context that was clearly intended prior to your
editing.
Any time you're running software on the same box that you're trying to
protect, you're letting the attackers in. The packets still go past the
interface on the NIC, onto the bus used by the NIC (usually the PCI bus),
and then have to get the attention of the software running on the same OS
that is running other software. Depending on the OS and the software being
run, there is a vulnerability that exists here that does not exist with a
hardware firewall, even if that "hardware" firewall is simply a *nix box
running the same firewall software.
As I said, a software firewall (running on the same box you're trying to
protect) is like locking an interior door to protect your house. It makes
more sense to keep people out of the house in the first place.
--
Warren H.
==========
Disclaimer: My views reflect those of myself, and not my
employer, my friends, nor (as she often tells me) my wife.
Any resemblance to the views of anybody living or dead is
coincidental. No animals were hurt in the writing of this
response -- unless you count my dog who desperately wants
to go outside now.
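Added example, not part of Warren's or James's posts: the kind of ruleset the thread has in mind for a dedicated Linux box (James's "old PC running Linux") placed in front of the protected hosts. It is default-deny on both INPUT and FORWARD, only lets replies to connections opened from the inside back through, and masquerades the inside range, so an unsolicited packet from outside is dropped on the firewall and never reaches the NIC of the host it was aimed at. The interface names `eth0`/`eth1` and the `192.168.1.0/24` range are assumptions for the example; the `fw_check` sanity test and the review-then-apply split are my own additions, not anything from the thread.

```shell
#!/bin/sh
# Ruleset for a dedicated Linux box sitting between the protected hosts and
# the outside world: default-deny, stateful, with NAT for the inside network.
# Interface names and the inside range are assumptions for this example.
WAN=${WAN:-eth0}              # interface facing the untrusted side
LAN=${LAN:-eth1}              # interface facing the protected hosts
LAN_NET=${LAN_NET:-192.168.1.0/24}

# Emit the ruleset as plain iptables commands, one per line, so it can be
# reviewed or diffed before anything is applied. Rule order matters: the
# anti-spoofing drops come before the stateful accepts.
fw_rules() {
    cat <<EOF
sysctl -q -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i $WAN -s $LAN_NET -j DROP
iptables -A FORWARD -i $WAN -s $LAN_NET -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN -o $LAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
EOF
}

# Sanity checks on the generated ruleset: both chains that unsolicited
# traffic could reach must default to DROP, and nothing arriving on the WAN
# side may be accepted unless it belongs to a connection the inside opened.
fw_check() {
    rules=$(fw_rules)
    echo "$rules" | grep -q '^iptables -P INPUT DROP$'   || return 1
    echo "$rules" | grep -q '^iptables -P FORWARD DROP$' || return 1
    if echo "$rules" | grep -e "-i $WAN" | grep -v ESTABLISHED | grep -q ACCEPT; then
        return 1
    fi
    return 0
}

# Apply the reviewed ruleset (needs root and iptables on the firewall box).
fw_apply() {
    fw_check || { echo "ruleset failed sanity check, not applying" >&2; return 1; }
    fw_rules | sh -e
}

case "${1:-show}" in
    apply) fw_apply ;;
    check) fw_check && echo "ruleset OK" ;;
    *)     fw_rules ;;
esac
```

Run it with no argument to print the rules for review, `check` to run the sanity test, and `apply` (as root, on the firewall box) to load them. The management rule that accepts SSH only from the inside interface is the one place this box listens at all; everything else that arrives on the WAN side and does not match an existing conntrack entry is dropped before it is ever forwarded.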