Software Firewalls VS Hardware Firewalls
Here are my questions:
In a corporate environment is a software firewall ever used or is a hardware firewall almost always used? What is the difference between a software firewall and a hardware firewall? The only difference that I can come up with is that the hardware firewall is stored on RAM chips and is updated through firmware updates and is harder to compromise because of fewer services that are running that can be exploited, and a software firewall sits on top of an OS like Linux (IPTABLES) which has many more possibilities of being cracked because of several services that could possibly be running that a cracker can attack. Is this correct? How reliable is Linux VPN software? Is it reliable enough for a corporate environment or would it be better to run a hardware VPN unit like a CISCO concentrator 3000?
It depends on your environment and budget I guess. The company I work for uses PIX hardware firewalls for protecting the network and servers, with software firewalls on workstations.
Personally, I would trust a good firewall appliance over a software firewall any day. EDIT: We use hardware VPNs as well (Juniper)
burning an eeprom: the mysterious and magical process that turns unreliable software into reliable hardware. :p
Well, what is the Cisco IOS but software? Cisco PIX in some respects IS a software firewall. A Cisco router or PIX can also run many services besides just firewalling, and we have all heard about certain Cisco vulnerabilities over the past year. The Cisco box that faces the internet has to be properly hardened, same as the Linux box. The biggest factor to me would be the throughput. A properly hardened Linux box can easily give security that is equal to any of the hardware firewalls, and IPtables/Linux is plenty secure for corporate environments as well as being flexible and well supported as well!!
VPNs are a bit of a different story. The main advantage is many of the Cisco routers and the concentrator have IPSEC cards that offload the IPSEC processing. These can greatly improve throughput and performance, which can be a big consideration if you are running certain kinds of applications over the tunnel. Anyway, just my 2 cents.
Do they make firewalls with built-in anti-virus/anti-spyware that can be updated via EEPROMs?
Can anyone recommend some decent firewall hardware appliances that are Linux-based, and are they just as decent?