LinuxQuestions.org > Linux - Security > Software Firewalls VS Hardware Firewalls (https://www.linuxquestions.org/questions/linux-security-4/software-firewalls-vs-hardware-firewalls-425178/)

metallica1973 03-15-2006 05:51 PM

Software Firewalls VS Hardware Firewalls
 
Here are my questions:

In a corporate environment is a software firewall ever used or is a hardware firewall almost always used?

What is the difference between a software firewall and a hardware firewall? The only difference that I can come up with is that the hardware firewall is stored on RAM chips and is updated through firmware updates and is harder to compromise because of the fewer services that are running that can be exploited, and a software firewall sits on top of an OS like Linux (iptables) which has many more possibilities of being cracked because of several services that could possibly be running that a cracker can attack. Is this correct?

How reliable is Linux VPN software? Is it reliable enough for a corporate environment, or would it be better to run a hardware VPN unit like a Cisco Concentrator 3000?

camh 03-15-2006 11:18 PM

It depends on your environment and budget I guess. The company I work for uses PIX hardware firewalls for protecting the network and servers, with software firewalls on workstations.

Personally, I would trust a good firewall appliance over software firewall any day.

EDIT: We use hardware VPNs as well (Juniper)

Nisky 03-16-2006 05:27 AM

Quote:

Originally Posted by camh
It depends on your environment and budget I guess. The company I work for uses PIX hardware firewalls for protecting the network and servers, with software firewalls on workstations.

Personally, I would trust a good firewall appliance over software firewall any day.

EDIT: We use hardware VPNs as well (Juniper)

I usually find it's more important that the firewall is well configured/bolted down rather than whether it is S/W or H/W. I have experienced both well and poorly configured H/W and S/W firewalls.

Crito 03-16-2006 06:42 AM

burning an eeprom: the mysterious and magical process that turns unreliable software into reliable hardware. :p

abegetchell 03-16-2006 09:34 AM

Quote:

Originally Posted by metallica1973
Here are my questions:

In a corporate environment is a software firewall ever used or is a hardware firewall almost always used?

What is the difference between a software firewall and a hardware firewall? The only difference that I can come up with is that the hardware firewall is stored on RAM chips and is updated through firmware updates and is harder to compromise because of the fewer services that are running that can be exploited, and a software firewall sits on top of an OS like Linux (iptables) which has many more possibilities of being cracked because of several services that could possibly be running that a cracker can attack. Is this correct?

How reliable is Linux VPN software? Is it reliable enough for a corporate environment, or would it be better to run a hardware VPN unit like a Cisco Concentrator 3000?

As a general rule, when you have fewer moving parts in any given system it is going to be more reliable and harder to compromise - there are simply fewer components to break or be broken into. That being said, I prefer hardware based firewalls or "soft appliances" such as Nokia firewalls (running IPSO/Check Point VPN-1) or SecurePlatform (commodity hardware running a hardened version of RHEL 3.0 and Check Point VPN-1). My $0.02.

javaroast 03-16-2006 10:57 PM

Well, what is the Cisco IOS but software? Cisco PIX in some respects IS a software firewall. A Cisco router or PIX can also run many services besides just firewalling, and we have all heard about certain Cisco vulnerabilities over the past year. The Cisco box that faces the internet has to be properly hardened, same as the Linux box. The biggest factor to me would be the throughput. A properly hardened Linux box can easily give security that is equal to any of the hardware firewalls, and iptables/Linux is plenty secure for corporate environments as well as being flexible and well supported!

VPNs are a bit of a different story. The main advantage is that many of the Cisco routers and the concentrator have IPsec cards that offload the IPsec processing. These can greatly improve throughput and performance, which can be a big consideration if you are running certain kinds of applications over the tunnel.

Anyway just my 2 cents.
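Nisky's point that configuration matters more than whether the box is software or hardware, and javaroast's point that a Linux/iptables box must be hardened like any appliance, both come down to something checkable: does the filter table actually default to deny and track connection state? The script below is an added example and not code posted in this thread; it parses the `iptables-save` text format (which it assumes as input) and flags the weak settings a reviewer would look for. Both rulesets in it are constructed samples, one permissive and one hardened.

```python
"""Audit an iptables-save dump for a default-deny, stateful INPUT chain.

Added example, not from the original thread. Assumes the standard
iptables-save text format (`*table`, `:CHAIN POLICY [pkts:bytes]`,
`-A CHAIN ...`, `COMMIT`).
"""
import re

# Constructed sample: what a freshly installed box often looks like.
# Every chain defaults to ACCEPT, and the one rule is stateless.
PERMISSIVE_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
"""

# Constructed sample: default DROP on INPUT/FORWARD, loopback allowed,
# return traffic admitted by conntrack, and only NEW SSH connections opened.
HARDENED_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
"""

# Built-in chain policy line, e.g. ":INPUT DROP [0:0]".
POLICY_RE = re.compile(r"^:(\S+) (ACCEPT|DROP|REJECT) ")


def parse_filter_table(dump):
    """Return (policies, rules) for the *filter table only.

    policies maps chain name -> default policy; rules is the list of
    "-A ..." lines in order. Other tables (nat, mangle) are skipped.
    """
    policies, rules, in_filter = {}, [], False
    for line in dump.splitlines():
        if line.startswith("*"):
            in_filter = line == "*filter"
            continue
        if not in_filter or line == "COMMIT":
            continue
        m = POLICY_RE.match(line)
        if m:
            policies[m.group(1)] = m.group(2)
        elif line.startswith("-A "):
            rules.append(line)
    return policies, rules


def audit(dump):
    """Return a list of findings; an empty list means the checks pass."""
    policies, rules = parse_filter_table(dump)
    findings = []

    # 1. Inbound and forwarded traffic should be denied unless a rule allows it.
    for chain in ("INPUT", "FORWARD"):
        if policies.get(chain, "ACCEPT") == "ACCEPT":
            findings.append(f"{chain} policy is ACCEPT; default-deny expected")

    input_rules = [r for r in rules if r.startswith("-A INPUT ")]

    # 2. Without a conntrack rule, reply packets only get in through open ports.
    if not any("ESTABLISHED,RELATED" in r for r in input_rules):
        findings.append("INPUT has no ESTABLISHED,RELATED rule; stateful filtering missing")

    # 3. Port-opening accepts should be limited to NEW connections.
    for r in input_rules:
        if "-j ACCEPT" in r and "--dport" in r and "--ctstate NEW" not in r:
            findings.append(f"stateless accept: {r}")

    return findings


if __name__ == "__main__":
    for name, dump in (("permissive", PERMISSIVE_DUMP), ("hardened", HARDENED_DUMP)):
        print(f"== {name} ==")
        for f in audit(dump) or ["no findings"]:
            print(" -", f)
```

On a live box the input would be the output of `iptables-save`; the hardened sample is also valid `iptables-restore` input, so the same text serves as both the check and the target configuration.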

metallica1973 03-17-2006 01:04 PM

Do they make firewalls with built-in anti-virus/anti-spyware that can be updated via EEPROMs?

Can anyone recommend some decent firewall hardware appliances that are Linux based, and are they just as decent?

abegetchell 03-17-2006 02:21 PM

Quote:

Originally Posted by metallica1973
Can anyone recommend some decent firewall hardware appliances that are Linux based, and are they just as decent?

Lots of vendors make "appliance" firewalls based on a hardened Linux install. Nortel has some really good products in this space (http://www.nortel.com/), though they are rather expensive. Their "switched firewall" technology is Linux/Check Point VPN-1 based.
