Re: [Full-Disclosure] Why should one buy (or not) an Appliance-based security gateway?

From: Paul Schmehl (pauls_at_utdallas.edu)
Date: 07/30/04

  • Next message: Aaron Horst: "Re: Re: [Full-Disclosure] Cool Web Search" 
    To: Bernardo Santos Wernesback <bernardo@ish.com.br>, full-disclosure@lists.netsys.com
Date: Fri, 30 Jul 2004 13:34:02 -0500

    --On Friday, July 30, 2004 02:55:04 PM -0300 Bernardo Santos Wernesback
    <bernardo@ish.com.br> wrote:
    >
    > A few colleagues and I started a discussion as to why one should or
    > shouldn't buy an appliance-based firewall, ids/ips or other security
    > appliance instead of installing software on a server.
    >
    > We thought about patching, performance, and other reason for each option
    > but I'd like to hear what other people think.
    >
    > I would really appreciate if you could share your thoughts with me.
    >
    1) Most appliance-based devices do not allow access to the operating system
    from the application. In fact, they don't even allow access to the
    application, except for its configuration.

    2) Most appliance-based devices have a kernel and OS that is specifically
    built (or the latest buzz word "purpose-built") for the service they
    provide, making them capable of running on lower speed processors and lower
    memory footprints than a general purpose OS (or conversely, capable of
    doing a great deal more with the same CPU speed and memory footprint.)

    Those are the two main benefits that I hear most often touted. I haven't
    done any research into those claims. Perhaps someone else has?

    Paul Schmehl (pauls@utdallas.edu)
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu/ir/security/

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Aaron Horst: "Re: Re: [Full-Disclosure] Cool Web Search"