
Thread: Firewalls: Hardware and Software

  1. #21
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Enjoy failing that question on the CISSP, SSCP, and CISA exams
    That seems to be one of your default answers on several of your threads. Demonstrating the ability to Cut & Paste really is not too impressive these days.

    The proper categorizations are: (by generation)

    1. Packet Filtering
    2. Application Level
    3. Stateful Inspection
    4. Dynamic Packet Filtering
    5. Kernel Proxy
    You were doing so well at constructively contributing. But why didn’t you provide the definitions as well? Lack of Attention to Detail! Blissful ignorance does provide you with an outstanding party though.

    …no reason to drag the naive down with you…Which is more than I can say…
    It is nonsensical to place labels upon folks and it demonstrates you have an ego issue. The rest of the world is not beneath you. Nor are we fixated on exam questions.

    …my reputation speaks for itself
    You couldn’t have posted a truer statement!

    I was going ot do a longr reply and speel check just fo you, but i wsa ina hurry.
    I guess we need someone to do an age check before you are allowed to post.


    cheers
    Connection refused, try again later.

  2. #22
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hopefully most would know that it is nonsensical to segregate firewalls by "hardware" and "software", yet here we are.
    Errrrrrrrrrrr?.........wrong! the ultimate hardware firewall is the plug on the wall, followed by the I/O switch, followed by pulling the network connection cable. OK in the first instance there is no power, in the second instance there is some power, but I am not at liberty to say more than that, in the third instance you have full local user capabilities, but are vulnerable to TEMPEST, Nonstop and the rest.........against which no firewall is effective........we are talking Faraday cages here?

    Otherwise you are spot on old chap.

    Incidentally, my usual reason for turning off non-essential kit is the savings in electricity and insurance praemia. Not to mention the health & safety fire risk angle..............

    I guess it is just a development of the argument that systems security is compromised if you do not have a complementary physical security regime. That is one reason why I p1$$ myself at these people bragging about their "uptime". If a system is up, and does not need to be, it is a risk that you should not be taking.

    my views

    and I've caught catch on a technicality

  3. #23
    I can't stress how much I want to read the correct information. If I felt any different, I would've gone to Steve Gibson’s site and let my level of security knowledge remain stagnant. After all, his site doesn't claim to contain knowledge of maximum security.

  4. #24
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I can't stress how much I want to read the correct information. If I felt any different, I would've gone to Steve Gibson’s site and let my level of security knowledge remain stagnant. After all, his site doesn't claim to contain knowledge of maximum security.
    ???? Would you care to elaborate..............what is that comment supposed to mean?.............in the REAL WORLD?????..............like where we live and earn our salaries or wages?



    Anyway........you read the posts.............this site does not contain knowledge of maximum security other than for "a connected world", which I take to be reality, rather than a government bunker or a consultant's ivory tower.

    my view

  5. #25
    Banned
    Join Date
    May 2003
    Posts
    1,004
    That seems to be one of your default answers on several of your threads. Demonstrating the ability to Cut & Paste really is not too impressive these days.
    It is the easiest and simplest way to say that I'm correct and have the well established, real world source to back that up. Personal experience, bah... internationally recognized skills and experiences assessment? That is something worth listening to.

    You were doing so well at constructively contributing. But why didn’t you provide the definitions as well? Lack of Attention to Detail! Blissful ignorance does provide you with an outstanding party though.
    I have discussed these definitions at length on this very board previously... and aside from that, users now know the proper terms to search for what they want. It is unreasonable to expect a user to post their entire breadth of knowledge on any given subject in every post that particular post is mentioned.

    It is nonsensical to place labels upon folks and it demonstrates you have an ego issue.
    How is this a label? By definition, those who do not know any better and in fact swallow the tripe about two types of firewalls are naive. I suppose I could have said "people who are uneducated on the subject and have made no more than a minimal effort to educate themselves." however, "naive" works just as well.

    Furthermore... my ego might be huge, but I don't see how that or any other ad hominems relate to the different types of firewalls.

    The biggest problem with classifying firewalls by those 5 guidelines instead of hardware/software is that it becomes INCREDIBLY difficult to explain even the most basic security to a home user.
    So you hold that it makes more sense to take the short road and explain something by the box it comes in rather than what it does?

    This post was mainly directed towards people doing that kind of work, not those in your business catch.
    My line of business is being a security expert and, in this case, using those definitions, plus assurance evaluations and whatever other data is appropriate, and then presenting the client with the best choice for their requirements (business needs, ease of technical integration, fits in the budget). Not saying "this firewall is software and this firewall is hardware, which one do you want?" This tells the user nothing at all compared to: "This firewall has the ability to meet what I feel is the most correct architecture for your network with the greatest of ease, it can process Xdata/s, which considering your projected rate of growth should give you a life-cycle expectancy of Y months. It has an ISO-15408 evaluation of X that meets or exceeds both relevant industry standards and your clients' requirements as well. The price is Z, and considering the reduction in risk, the duration of the life-cycle and reduction in overall maintenance man-hours, you will notice that the cost-benefit ratio is quite favorable."
    If you approach your client with anything less, you are not really filling the full potential of the role. The client pays you to think and research, not just to throw names out alongside some arbitrary classification.

    Lastly this:
    That is one reason why I p1$$ myself at these people bragging about their "uptime". If a system is up, and does not need to be, it is a risk that you should not be taking.
    So many systems these days are 24/7 systems, for whatever reason (which may be unknown to you). Considering that availability is a cornerstone of the security requirement triad... seems a big consideration.

    The simple fact of the matter is that "software firewall" and "hardware firewall" are not only industry inappropriate, but those terms reveal NOTHING about the firewall's functionality or capabilities. If a term provides no useful information, what value does it have?

    cheers,

    catch

  6. #26
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,024
    So you hold that it makes more sense to take the short road and explain something by the box it comes in rather than what it does?
    Uhh DUH! Got a better way to get a home user to halfway listen to you about what you are trying to teach them? If I even attempt to get into describing ports most tune me out...
    [H]ard|OCP <--Best hardware/gaming news out there--|
    pwned.nl <--Gamers will love this one --|
    Light a man a fire and you'll keep him warm for a day, Light a man ON fire and you'll keep him warm the rest of his life.

  7. #27
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Got a better way to get a home user to halfway listen to you about what you are trying to teach them?
    So, what does your method teach them?

    cheers,

    catch

  8. #28
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    For many years now, we have always used the term "hardware" firewall to include only firewalls that used a flash ROM or read only RAM drive type of media to store OS and config information.
    All other firewalls were "software" firewalls. The distinction for us is we never wanted an entire network to be down due to HDD issues. Back in the day, ROM was just so much more reliable than HDD media. The tables have turned as HDD is getting so cheap, it is now easy and affordable to create redundant drive setups for those "software" firewalls.

    I think any more it's a matter of semantics pure and simple. Don't you think?

  9. #29
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,024
    Originally posted here by catch
    So, what does your method teach them?

    cheers,

    catch
    The basics of what a firewall is/does, and why "hardware" and "software" firewalls have different uses.
    [H]ard|OCP <--Best hardware/gaming news out there--|
    pwned.nl <--Gamers will love this one --|
    Light a man a fire and you'll keep him warm for a day, Light a man ON fire and you'll keep him warm the rest of his life.

  10. #30
    Banned
    Join Date
    May 2003
    Posts
    1,004
    The basics of what a firewall is/does
    Wow, you teach all that without even touching on the different types of firewalls?

    why "hardware" and "software" firewalls have different uses.
    Both can offer equal functionality... so now the question for you... since I am clearly ignorant on this subject... what are the different uses for hardware and software firewalls?

    What information do you consider? Is a kernel proxying "software" firewall the same as an application level "software" firewall? Is a packet filtering "hardware" firewall the same as a stateful inspection "hardware" firewall? Is a stateful inspection software "firewall" the same as a stateful inspection "hardware" firewall?

    More to the point, what if I run the software from a "hardware" firewall, within an emulator on a general purpose system using hardware that offers comparable performance... now what?

    cheers,

    catch
