Food for thought
As I have always been a lover of full on hardware firewalls due to little programs being able to switch software ones off....
Maybe we should bring back this topic.
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
I think I remember a thread last time I was here 4 years ago UncleX lol. I use both, hardware at the frontline and software so I can control what's on my PC trying to talk to the world.
Conceptually hardwares are always a combination of hardware and software, there is no difference between the two.
A Cisco PIX is Cisco's software running on hardware.
Sygate is software running on Windows hardware.
iptables is software running on Linux hardware.
pf is software running on BSD hardware.
The security is a combination of both how good the firewall software is and also how secure the base OS and hardware are. From a security standpoint there should be 1 firewall per machine. A NAT gateway may protect from the outside but does not protect the machines within from each other.
My best way of defining things in your term Unclex would be to differentiate a hardware firewall as a dedicated box for firewall only and a software firewall as firewall software that runs on a box whose main purpose is for other things.
In that scenario I say you need the dedicated hardware firewall to provide a secure gateway running on a secure platform to protect against general badness from the outside. In addition you also need a software firewall (in conjunction with AV) on each client machine to protect against user stupidity that the hardware firewall will not.
EDIT: Just realised, the short answer was "both".
Last edited by destro404; 14th March 2007 at 01:42 AM.
I use a Linksys router with a hardened config and behind that run ISA2004 with AV scanning etc on that. I use a 2nd NIC to my WiFi / Internal network and use the ISA to route / control all the traffic.
Might sound overkill but I had a spare server that I run VMware on - it hosts my ISA / Mail / FTP servers on :-)
oE.
Hardware all the way for me. Got a SonicWall enhanced firewall between me and tint, ain't no fucker getting through that.
TZ170 with enhanced OS, free courtesy of an ex-customer, who might now have a D-Link in place of the nice shiny SonicWall.
They are the mutt's nuts, but beware if you are thinking of getting one for VPNs, as a lot of ISPs are now blocking IPsec traffic on standard home broadband connections, they have realised that a lot of people now work from home and they can make money from secure protocols by changing your home bb for business bb, and putting a tick in a box and charging you twice as much.
You can also set content filtering, deep packet filtering, AV and antispam at firewall level etc etc, and they are very reliable, only the power supplies ever fail, never the unit.
If you want a free one, go for a training course on their pro range and you get a TZ170 standard free if you pass.
My system is more for self-learning, I just have server 2003 sbe and also use Citrix and VMware.
Conceptually hardwares are always a combination of hardware and software - I agree
It is funny how many have moved on in four years
When I say software - I am talking about our Windows users...
Now where is that old link from four years ago...
Have Fun.
U.N.C.L.E. X
More UNCLEX than last week but less next :woot:
I prefer hardware ones as well. The one in my router does the job well enough, while XP's software firewall is turned off.
It's got to be better surely, and safer. I agree with UncleX, don't want the risk of something turning it off somehow.
You would be best to get a software firewall on your PC too as it can alert you to trojans and dialers trying to contact the outside world. Something your hardware firewall will not do.
The best solution is not one or the other, but both. Windows XP firewall is a piece of crap too, don't ever use it when there are free alternatives like Sygate.
My machines just sit behind my router's built-in firewall. I did used to use ZoneAlarm and various others but they pissed me off. I just have anti-virus when I'm online. It's like going bare back, I like the thrill.
Last edited by DJAd; 19th March 2007 at 04:21 PM.