Re: firewall appliance and software/hardware combination
From: Leythos (void_at_nowhere.com)
Date: 10/26/03
- Next message: Chuck: "Re: JUST AKS ME ABOUT CHIMPIE!!"
- Previous message: Dirk Claessens: "Re: A warning!!"
- In reply to: aldo: "Re: firewall appliance and software/hardware combination"
- Next in thread: aldo: "Re: firewall appliance and software/hardware combination"
- Reply: aldo: "Re: firewall appliance and software/hardware combination"
Date: Sun, 26 Oct 2003 15:06:14 GMT
In article <3f9bb0a8$1@news.rivernet.com.au>, aldo@aldo.net says...
> This one is great! Thanks for your help!
>
> aldo
> "Ida Young" <nospam@rogers.com> wrote in message
> news:agCmb.1902$7B1.645@news04.bloor.is.net.cable.rogers.com...
> > "Software" firewall or "hardware" firewall?
> > (http://www.itshield.com/faq.html#q_1_2)
I gotta tell you - this is like listening to a campaign speech - a little
truth wrapped in misinformation:
Here is what the site said about Hardware Firewalls: My comments with [[
in front of them
"hardware" firewall drawbacks:
1) If the hardware breaks, you cannot replace it yourself with your own
spare computers.
[[ Anyone that owns a real firewall can replace it as quickly as anyone
that owns a computer running a firewall. In the case of the firewall,
you can get a spare (same with a computer) or you can get a new one -
the same process for the person using the computer method.
2) CPU in "hardware" firewall is much less powerful than CPU used by
"software" firewall.
[[ The CPU in the firewall doesn't have to play Quake or anything else,
it only has one thing to do. Why would you want a P4 Xeon CPU in your
firewall if you could never utilize its power (just so you could pay
more)?
3) Cannot provide high-level security, or cannot handle high-volume
traffic while it is asked to provide high-level security.
[[ This is absolute bull-***. The hardware firewalls are built for this
reason. Never seen this to be a problem. IT Shield says it can handle
more than 5000 TCP sessions (interesting that they pick that number,
wonder why they stopped testing there, and what the system specs that
they were running it on were). I would like to point out that the
FireBox V class line can handle 40,000 active VPN branch office
connections, and an unlimited number of TCP sessions....
4) Usually, you cannot upgrade the hardware yourself. A few vendors let
you plug in your own NICs however.
[[ Wrong again - just as in your PC, you can upgrade many things, but it
depends on your level of hardware skill (as does the PC). As an example,
I can upgrade the RAM, CPU, Firmware in my firewall appliances without
any problems.
[[ The following is my text, without the [[ now.
If you want security, and you are not just a home user, then you want a
real hardware firewall (or a secure OS based Check Point firewall). If
you are a home user, the simple Router with NAT will provide the
perimeter protection you need, and you should install a personal
firewall on the local computers just to CYA.
Sorry for the Rant, but couldn't help it - that ITShield site is so full
of crap.
-- -- spamfree999@rrohio.com (Remove 999 to reply to me)