RE: Hardware Firewall vs Software Firewall

From: Mickey S. Olsberg (molsberg@hotmail.com)
Date: 10/01/01


From: "Mickey S. Olsberg" <molsberg@hotmail.com>
To: "'Phil Kramer'" <pkramer@2st.net>, <security-basics@securityfocus.com>
Subject: RE: Hardware Firewall vs Software Firewall
Date: Mon, 1 Oct 2001 12:01:26 -0700
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAg0HFAqtv1BGF0wBgCN6/I8KAAAAQAAAARW6qcAelTEC9LOQ2ktK6AwEAAAAA@hotmail.com>

I agree wholeheartedly with Phil's opinion, but would add one note. The
only case in my opinion which justifies the speed over security is
very-high bandwidth applications, such as a certain place I know that
contains 36,000 nodes behind its firewalls. Still, you must weigh the
need for security against the need for speed, and security should
*always* win.

Mickey

-----Original Message-----
From: Phil Kramer [mailto:pkramer@2st.net]
Sent: Friday, September 28, 2001 8:23 PM
To: security-basics@securityfocus.com
Subject: Re: Hardware Firewall vs Software Firewall

My personal opinion is not hardware vs software, but what firewall is
most secure. You can talk about PIX, CheckPoint, Linux with IPtables,
IPchains and IPfilters but from a security point of view a pure
application proxy is more secure. How many people can notice a 20 ms
pause? If you want speed get a router with ACLS, that's what PIX is.
All these stateful inspection/packet filter technolgies work at too low
a level (layers 2-4) to provide enterprise security. For web servers,
mail servers etc. you need layer 7 checking.

Phil Kramer, SANS GSEC
Systems Solutions Technologies, LLC
Phone: 615-646-5766
email: pkramer@2st.net



Relevant Pages

  • Re: [fw-wiz] Host based vs network firewall in datacenter
    ... My opinion is that anything you can do is better than nothing. ... implementations, and they bury their head in the sand regarding it. ... However, as someone concerned about security, I don't think you should ... > 3) This option is good because it will allow us to apply stateless ACLs at the gateway and centralize the management of firewall functions. ...
    (Firewall-Wizards)
  • Re: Zone alarm,zone alarm...so what
    ... > What about Sygate free version? ... That's an opinion question. ... security) operating system isn't wise either. ... just installing a firewall. ...
    (comp.security.firewalls)
  • Re: Windows Firewall turns off
    ... I have not seen any security suites that I ... MS-MVP Windows - Shell/User ... along with your anti-virus and firewall, then there simply is not any ... Should I use both the built-in firewall and a software firewall ...
    (microsoft.public.windowsxp.security_admin)
  • Re: what should I do when....
    ... I'd love to see what simple, clean and well managed network security ... But the Firewall ... I do stand by my *opinion* that a firewall is not a security ...
    (Security-Basics)
  • Re: Windows Firewall turns off
    ... If you can use one program which provides all of your security ... my PC but every time I turn onthe PC the Windows firewall is ... Is there a way to have Windows firewall start with the PC as ... Should I use both the built-in firewall and a software firewall ...
    (microsoft.public.windowsxp.security_admin)