Re: hardware vs software security

From: Florian Reitmeir (squat_at_gmx.net)
Date: 10/27/03 

Date: Mon, 27 Oct 2003 03:08:42 +0100

Hi,

Chuck wrote:

>>Anyway, the org. question was, what is more secure, NOT, what has more
>>features. Features only depend on Software and OS. When I install an
>>software firewall I can upgrade it, patch it, improve it, bug fix it and
>>customize it the way i need it.
> Depending upon software protection only means depending upon keeping
> the software up to date, ahead of the bad guys ability to find and use
> exploits.
we are talking about firewalls not programm errors.
 
> Depending upon hardware protection only means lack of outbound
> protection, plus the possible future event when some black hat
> develops a strategy that lets him bypass NAT protection.
> That's what a layered strategy is about. Multiple products giving you
> complimentary levels of protection. Using BOTH a hardware router and
> a software firewall gives you better protection than either by itself.
> My rule of thumb is you apply protective products until depletion of
> financial resources, system performance, or level of paranoia. I'm
> always paranoid. Others may be more trusting.
intressing point of view,

you are talking about packet filtering, and NAT

where can there a security problem, the only is to correct setup your
filter rules, which is if you want to it correct by your self, hard.

other thing is build multiple protection, and there is your point to use
different products, but when you use a hardware firewall, you use one
product, the querstion is, is this product more secure than a software,
lets say an "personal firewall" ? I doubt. If you are using only a packet
filter, there can't be an difference. If you want more, like an HTTP filter
or some sort of mailfilter, the most advantage of an "hardware firewall" is
in the most cases the simple configuration.

cu Florian

PS: I'm very paranoid, and i use a very good spamfilter.

Relevant Pages