-
June 21st, 2002, 09:58 PM
#1
Hw vs Sw Fw ;)
Lol, I was gonna reply to Kom* 's post on firewalls but the thread seems to have vanished!
Anyways since my reply wasn't about Kom*, I decided to post anyway:
Sometimes I get annoyed by the distinction people make of software and hardware firewalls...
When does a software firewall become a hardware firewall? Is a dedicated openbsd box with only ipf or pf running on it a hardware firewall? I mean, I doubt that any company has actually built a firewall chip (by this I mean a chip with firewalling logic on it, not a process on a CPU)?
Ammo
-
June 21st, 2002, 10:05 PM
#2
There are plenty of hardware firewalls. Cisco, Linksys and many other companies have hardware firewalls which you simply plug into the network at a specific point to protect incoming and outgoing traffic. As for a dedicated box set up, that's debatable... If it truly is dedicated to only firewall activities, I would consider it a hardware firewall, though in reality it's just a computer with a software firewall running on it. Just my opinion, though. If you're looking for info about hardware firewalls, you can either search for consumer or enterprise solutions. For consumer, I recommend checking out www.linksys.com. For enterprise, check out Cisco's site and check out their line of firewalls.
AJ
-
June 21st, 2002, 10:15 PM
#3
No, I knew that: the point is:
If it truly is dedicated to only firewall activities, I would consider it a hardware firewall, though in reality it's just a computer with a software firewall running on it.
the same applies to "hardware firewalls" from cisco or whoever else: they too are only computers with firewall software running on them (afaik.. the proof would be that you can add firewalling software to cisco routers...)
Ammo
Credit travels up, blame travels down -- The Boss
-
June 21st, 2002, 10:18 PM
#4
Btw, linksys routers are not firewalls: they only run NAT, which is barely a firewall..
(I think SMC barricades do run true stateful firewalling)
Ammo
-
June 21st, 2002, 10:20 PM
#5
Point. Well, as for you saying that no company would actually build a firewall chip, I remember reading a magazine article a few months ago about a company which was releasing a series of NICs which a firewall chip could be added to.
AJ
PS: I actually did a search and found a press release from 3Com about it here: http://www.nwfusion.com/news/2002/0225infra.html EDIT: A more recent article can be found here: http://news.zdnet.co.uk/story/0,,t269-s2109150,00.html
-
June 21st, 2002, 10:21 PM
#6
Until you posed the question that way, I had always operated under the assumption that a 'hardware firewall' was a box that was specifically dedicated to being a firewall, be it a pure hardware firewall like a cisco PIX, or a hardware/software combination like a checkpoint or raptor firewall. Whereas I had always assumed that a "software firewall" was something like ZoneAlarm that ran on a box to protect it, but that the box was not specifically dedicated to being a firewall...
But now I am just confused 
Neb
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
June 22nd, 2002, 12:42 AM
#7
Yes, I was aware of 3com's upcoming firewall on NIC concept (didn't want to bring it up and confuse the discussion even more, but since you brought it up), but even then, it's part of the firmware, not on-chip logic..
The embedded firewall is based on technology from Secure Computing, and can be added to existing 3Com 10/100M bit/sec 3CR990 series NICs through a firmware upgrade, or purchased with new network cards
Not getting picky with terms, my usual interpretation is like nebulus200...
My point was just that it sometimes seems that people assume that because a firewall is "hardware" that it is necessarily better, which isn't always true...
Anyway, I'd go more in length with this but I don't feel like it right now...
Ammo
-
July 4th, 2002, 02:09 AM
#8
Senior Member
there are currently hardware encryption devices, so it stands to reason that firewalls could be produced in the same manner (and as you guys have pointed out some are on the way). the pros and cons should be fairly obvious, but i'll list what i can think of:
pros:
- speed/efficiency/larger throughput
- failovers/redundancy (if we think in terms of enterprise chassis)
- plug-n-play type integration with other network modules (ie. QOS, management, etc)
cons:
- longer lead time for fixes/updates
- expensive
from a security standpoint, i really don't see much gain. most of the problems with software firewalls would still exist for those of the hardware breed. the real benefits i see are for the telcoms or large-scale service providers for cost-efficiencies and service capabilities.
-
July 4th, 2002, 10:52 AM
#9
I think the only way you could truly call a firewall a "hardware firewall" is if you had to move jumpers or something like that to modify the rulesets. Any system that has a place where you can log in to change rulesets would cause a firewall to be put into the software category, because it is obviously running at least some software on the system.
-
July 6th, 2002, 05:14 AM
#10
Member
I'm currently running Zone Alarm for SW firewall, but I'm interested as well in implementing a HW firewall solution. I'm trying to compare SMC Barricade and Linksys products. Anyone have any opinion concerning the two? Thanks.