Hardware Firewall

Thread: Hardware Firewall

  1. #1
    Senior Member Info Tech Geek
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828

    Hardware Firewall

    Where can I find a good article on tightening my hardware firewall? Also, is a hardware firewall sufficient, or should I still have a backup in place?

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    What platform is it running on (Solaris, Linux, Windoze...)?

    Also, what are you planning to use it for?

    (On a side note, what the hell happened to the edit function????)
    SoggyBottom.

    There were so many fewer questions when the stars were still just the holes to heaven - JJ
    I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.

  3. #3
    Junior Member
    Join Date
    Apr 2003
    Posts
    22
    My organization is using a Linux-based firewall running on an old P 133 that is dual-homed. The firewall runs entirely in memory, so the box needs no hard drive. If you are interested in this project, drop me a line.

  4. #4
    Member
    Join Date
    Feb 2003
    Posts
    41
    Interesting firewall setup. How many stations is it linked to?
    Mindpilot

    You can tell a lot about a person by how they handle these 3 things: Rainy Days, Lost Luggage, and Tangled Christmas tree lights

  5. #5
    What firewall did you use?
    And what was the reason you used it?

  6. #6
    Banned
    Join Date
    Apr 2003
    Posts
    54

    Hardware firewalls

    What was the config?
    Most importantly, were network penetrations reduced or eliminated?

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Originally posted here by David Anasco
    My organization is using a Linux-based firewall running on an old P 133 that is dual-homed. The firewall runs entirely in memory, so the box needs no hard drive. If you are interested in this project, drop me a line.
    I would also like some information on this, and am also curious how many connections it can support. How much memory does it require?

  8. #8
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Just a quick question: Is a Linux box running ipchains or whatever considered a hardware firewall? I thought a hardware firewall would be stuff from Cisco or Nokia. Dedicated hardware that can run nothing else. A PC running Linux+ipchains or Windows NT+Checkpoint would be a software firewall. Am I right or did I miss something?

    And as to how to secure it. It all depends on your policy and there are 2 ways to go about it.

    a) Allow everything and only block what you really don't want.
    This will make it easy to configure (allow any any), and users can do almost everything. If you want to do something new, nothing needs to change and it will probably run on the first try. But you need to keep an eye on new vulnerabilities because everything is basically allowed.

    b) Allow nothing and only open what you need.
    This is also easy to configure at first (block any any) but needs changes if you want something new to go through the firewall. This can be very tricky to set up if you need to run all sorts of stuff through the firewall.

    Both have their pros and cons so it all depends on your policy. Same thing with the backup. If your policy dictates the firewall must be up for 99.999% of the time, you will definitely need something like a hot-standby or some load balancing (make sure 1 firewall can handle all your traffic if you go for the load balancing).

    In short, make a policy and configure your firewall based on this policy.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
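
The two policies described in post #8, as an added example that is not part of the thread: a first-match rule evaluator run over constructed flows under (a) default-accept and (b) default-deny. The rule sets, ports and flow list are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "ACCEPT" or "DENY"
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, proto, dport):
        return self.proto in (None, proto) and self.dport in (None, dport)

def evaluate(policy, proto, dport):
    """First matching rule wins; otherwise the default policy decides."""
    rules, default = policy
    for rule in rules:
        if rule.matches(proto, dport):
            return rule.action
    return default

# (a) allow everything, block only what you really don't want (hypothetical rules)
ALLOW_BY_DEFAULT = ([Rule("DENY", "tcp", 23), Rule("DENY", "tcp", 139)], "ACCEPT")
# (b) allow nothing, open only what you need (hypothetical rules)
DENY_BY_DEFAULT = ([Rule("ACCEPT", "tcp", 25), Rule("ACCEPT", "tcp", 80),
                    Rule("ACCEPT", "udp", 53)], "DENY")

# Constructed inbound flows: known services, a blocked one, and two nobody planned for.
FLOWS = [("tcp", 80), ("tcp", 23), ("udp", 53), ("tcp", 6000), ("udp", 161)]

def accepted(policy, flows):
    """Flows the policy lets through, in input order."""
    return [f for f in flows if evaluate(policy, *f) == "ACCEPT"]

def passed_without_a_rule(policy, flows):
    """Flows accepted only by the default, i.e. traffic no one reviewed."""
    rules, _ = policy
    return [f for f in accepted(policy, flows)
            if not any(r.matches(*f) for r in rules)]

if __name__ == "__main__":
    for name, policy in (("a", ALLOW_BY_DEFAULT), ("b", DENY_BY_DEFAULT)):
        print(name, "accepted:", accepted(policy, FLOWS))
        print(name, "unreviewed:", passed_without_a_rule(policy, FLOWS))
```

Under (a) every flow without a matching rule is passed unreviewed; under (b) that list is always empty, at the cost of a rule change for each new service.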

  9. #9
    Junior Member
    Join Date
    Apr 2003
    Posts
    2
    "I thought a hardware firewall would be stuff from cisco or Nokia. Dedicated hardware that can run nothing else."
    Hmmm, I would tend to agree. However, I don't want to be picky, but you can use Nokias for anything (mail servers, routers, IDS, web servers, etc., and of course firewalls).
    WatchGuard, PIX, Raptor, NetScreen, Nokia, etc. are considered hardware firewalls.
    CheckPoint, ipchains, etc. are considered software firewalls.
    However, as you can see, the waters are muddied somewhat, as CheckPoint can run on Nokia, and WatchGuards are basically a GUI frontend for ipchains.
    All the above are considered enterprise firewalls, debatable with WatchGuards, tho'.

    If I could figure out how to get DAIP working on CheckPoint, I would use that at home. But at the moment I use IPCop (www.ipcop.org).
    Handles dynamically allocated IPs for cable and DSL. And supports a single DMZ with NAT.
    Again this is based on ipchains.

    In the workplace I would recommend CheckPoint on Nokia or Cisco PIX.
    Steer clear of running any firewall on a Windows machine.

  10. #10
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Originally posted here by SirDice
    Just a quick question: Is a Linux box running ipchains or whatever considered a hardware firewall? I thought a hardware firewall would be stuff from Cisco or Nokia. Dedicated hardware that can run nothing else. A PC running Linux+ipchains or Windows NT+Checkpoint would be a software firewall. Am I right or did I miss something?

    This used to be true, but as more appliances are running Linux/ipchains, people are noting that the distinction is a false one. Take note that Cisco and Nokia firewalls both run Unix underneath, so they are basically a cheap PC running ipchains with a new front end (OK, a proprietary version of ipchains, but the functionality is the same). If you get a cheap PC, slap Linux on it and remove all other services besides what is absolutely needed for ipchains, you have a PIX at 1/10 of the cost.
