Hw vs Sw Fw ;)

  1. #1
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027

    Hw vs Sw Fw ;)

    Lol, I was gonna reply to Kom* 's post on firewalls but the thread seems to have vanished!

    Anyways since my reply wasn't about Kom*, I decided to post anyway:

    Sometimes I get annoyed by the distinction people make of software and hardware firewalls...
    When does a software firewall become a hardware firewall? Is a dedicated openbsd box with only ipf or pf running on it a hardware firewall? I mean, I doubt that any company has actually built a firewall chip (by this I mean a chip with firewalling logic on it, not a process on a CPU)?

    Ammo

  2. #2
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,209
    There are plenty of hardware firewalls. Cisco, Linksys and many other companies have hardware firewalls which you simply plug into the network at a specific point to protect incoming and outgoing traffic. As for a dedicated box set up, that's debatable... If it truly is dedicated to only firewall activities, I would consider it a hardware firewall, though in reality it's just a computer with a software firewall running on it. Just my opinion, though. If you're looking for info about hardware firewalls, you can either search for consumer or enterprise solutions. For consumer, I recommend checking out www.linksys.com. For enterprise, check out Cisco's site and check out their line of firewalls.

    AJ

  3. #3
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    No, I knew that: the point is:

    If it truly is dedicated to only firewall activities, I would consider it a hardware firewall, though in reality it's just a computer with a software firewall running on it.
    the same applies to "hardware firewalls" from cisco or whoever else: they too are only computers with firewall software running on them (afaik.. the proof would be that you can add firewalling software to cisco routers...)

    Ammo
    Credit travels up, blame travels down -- The Boss

  4. #4
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Between, linksys routers are not firewalls: they only run NAT which is barely a firewall..
    (I think SMC barricades do run true stateful firewalling )

    Ammo
    Credit travels up, blame travels down -- The Boss

  5. #5
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,209
    Point. Well, as for you saying that no company would actually build a firewall chip, I remember reading a magazine article a few months ago about a company which was releasing a series of NICs which a firewall chip could be added to.

    AJ

    PS: I actually did a search and found a press release from 3Com about it here: http://www.nwfusion.com/news/2002/0225infra.html EDIT: A more recent article can be found here: http://news.zdnet.co.uk/story/0,,t269-s2109150,00.html

  6. #6
    Jaded Network Admin nebulus200
    Join Date
    Jun 2002
    Posts
    1,356
    Until you posed the question that way, I had always operated under the assumption that a 'hardware firewall' was a box that was specifically dedicated to being a firewall, be it a pure hardware firewall like a cisco PIX, or a hardware/software combination like a checkpoint or raptor firewall. Whereas I had always assumed that a "software firewall" was something like ZoneAlarm that ran on a box to protect it, but that the box was not specifically dedicated to being a firewall...

    But now I am just confused

    Neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  7. #7
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Yes I was aware of 3com's upcoming firewall on NIC concept (didn't want to bring it up and confuse the discussion even more, but since you brought it up), but even then, it's part of the firmware, not on-chip logic..

    The embedded firewall is based on technology from Secure Computing, and can be added to existing 3Com 10/100M bit/sec 3CR990 series NICs through a firmware upgrade, or purchased with new network cards
    Not getting picky with terms, my usual interpretation is like nebulus200...

    My point was just that it sometimes seems that people assume that because a firewall is "hardware" that it is necessarily better, which isn't always true...

    Anyway, I'd go more in length with this but I don't feel like it right now...

    Ammo
    Credit travels up, blame travels down -- The Boss

  8. #8
    Senior Member
    Join Date
    Jun 2002
    Posts
    165
    there are currently hardware encryption devices, so it stands to reason that firewalls could be produced in the same manner (and as you guys have pointed out some are on the way). the pros and cons should be fairly obvious, but i'll list what i can think of:

    pros:
    - speed/efficiency/larger throughput
    - failovers/redundancy (if we think in terms of enterprise chassis)
    - plug-n-play type integration with other network modules (ie. QOS, management, etc)

    cons:
    - longer lead time for fixes/updates
    - expensive

    from a security standpoint, i really don't see much gain. most of the problems with software firewalls would still exist for those of the hardware breed. the real benefits i see are for the telcoms or large-scale service providers for cost-efficiencies and service capabilities.
    -droby10

  9. #9
    str34m3r
    Guest
    I think the only way you could truly call a firewall a "hardware firewall" is if you had to move jumpers or something like that to modify the rulesets. Any system that has a place where you can log in to change rulesets would cause a firewall to be put into the software category, because it is obviously running at least some software on the system.

  10. #10
    Member
    Join Date
    Jun 2002
    Posts
    44
    I'm currently running Zone Alarm for SW firewall, but I'm interested as well in implementing a HW firewall solution. I'm trying to compare SMC Barricade and Linksys products. Anyone have any opinion concerning the two? Thanks.
    -Hadoob024-
