August 28th, 2002, 04:51 AM
a quick thought
whats the diffrence between hardware firewalls (the box) and softwhare firewalls (say zonealarm) just wounderin
August 28th, 2002, 05:00 AM
Hardware firewalls can perform stateful inspection, proxying etc...
When Stateful inspection firewalls receive a SYN packet, the packet is compared against the rulebase, and allowed/denied according to the ruleset you have defined. Once a a TCP connection has been established, the connection details are placed in a connection table. All non-SYN packets are compared against the connection table, and not the rulebase. This has numerous benefits, and I could spend all day explaining. Maybe better to do a google search, or look at phoneboys website.
Proxying firewalls do exactly that, proxy your TCP connections on your behalf.
You can also cluster 2 hardware firewalls together for failover purposes, and keep the connection tables synced to allow seamless connections when one goes down, or a ruleset is being updated.
Havent really reasearched that much into personal/software firewalls. Some may have the ability to do some of the above. Someone with more expertise may be able to further elaborate.
Hope that it helps somewhat.
[glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]
August 28th, 2002, 06:01 AM
there's alot of ambiguity with the term hardware firewall.
a) some insist that a true hardware firewall doesn't exist....yet. (ie. everything (sometimes even including rulesets) is burned into the chip)
b) other's will refer to a box that was built to do one thing and thats firewall as a hardware firewall. (ie. nokia IP series, cisco pix, netscreen, etc.).
c) other's refer to any standalone host that runs a firewall as a hardware firewall (ie. a linux box running ip tables).
d) and others, such as soggybottom will refer to a stateful inspection as a constitution for a hardware firewall.
for myself, i generally stick with definition b.
August 29th, 2002, 07:21 PM
good question... i always wanted to know more about fire walls but havent got aroung to thinking of any good questions...