LinuxQuestions.org
03-15-2006, 05:51 PM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,115

Rep: Reputation: 58
Software Firewalls VS Hardware Firewalls


Here are my questions:

In a corporate environment is a software firewall ever used or is a hardware firewall almost always used?

What is the difference between a software firewall and a hardware firewall? The only difference that I can come up with is that the hardware firewall is stored on RAM chips and is updated through firmware updates and is harder to compromise because of fewer services that are running that can be exploited, and a software firewall sits on top of an OS like Linux (IPTABLES) which has many more possibilities of being cracked because of several services that could possibly be running that a cracker can attack. Is this correct?

How reliable is Linux VPN software? Is it reliable enough for a corporate environment or would it be better to run a hardware VPN unit like a CISCO concentrator 3000?
 
03-15-2006, 11:18 PM   #2
camh
Member
 
Registered: Feb 2005
Distribution: Slack/Debian
Posts: 163
Blog Entries: 2

Rep: Reputation: 33
It depends on your environment and budget I guess. The company I work for uses PIX hardware firewalls for protecting the network and servers, with software firewalls on workstations.

Personally, I would trust a good firewall appliance over a software firewall any day.

EDIT: We use hardware VPNs as well (Juniper).

Last edited by camh; 03-15-2006 at 11:21 PM.
 
03-16-2006, 05:27 AM   #3
Nisky
LQ Newbie
 
Registered: Mar 2006
Posts: 1

Rep: Reputation: 0
Quote:
Originally Posted by camh
It depends on your environment and budget I guess. The company I work for uses PIX hardware firewalls for protecting the network and servers, with software firewalls on workstations.

Personally, I would trust a good firewall appliance over a software firewall any day.

EDIT: We use hardware VPNs as well (Juniper).
I usually find it's more important that the firewall is well configured/bolted down rather than whether it is S/W or H/W. I have experienced both well and poorly configured H/W and S/W firewalls.
 
03-16-2006, 06:42 AM   #4
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
Burning an EEPROM: the mysterious and magical process that turns unreliable software into reliable hardware.
 
03-16-2006, 09:34 AM   #5
abegetchell
Member
 
Registered: Mar 2006
Distribution: RHEL, Fedora, Ubuntu
Posts: 32

Rep: Reputation: 15
Quote:
Originally Posted by metallica1973
Here are my questions:

In a corporate environment is a software firewall ever used or is a hardware firewall almost always used?

What is the difference between a software firewall and a hardware firewall? The only difference that I can come up with is that the hardware firewall is stored on RAM chips and is updated through firmware updates and is harder to compromise because of fewer services that are running that can be exploited, and a software firewall sits on top of an OS like Linux (IPTABLES) which has many more possibilities of being cracked because of several services that could possibly be running that a cracker can attack. Is this correct?

How reliable is Linux VPN software? Is it reliable enough for a corporate environment or would it be better to run a hardware VPN unit like a CISCO concentrator 3000?
As a general rule, when you have fewer moving parts in any given system it is going to be more reliable and harder to compromise - there are simply fewer components to break or be broken into. That being said, I prefer hardware-based firewalls or "soft appliances" such as Nokia firewalls (running IPSO/Check Point VPN-1) or SecurePlatform (commodity hardware running a hardened version of RHEL 3.0 and Check Point VPN-1). My $0.02.
 
03-16-2006, 10:57 PM   #6
javaroast
Member
 
Registered: Apr 2005
Posts: 130

Rep: Reputation: 18
Well, what is the Cisco IOS but software? Cisco PIX in some respects IS a software firewall. A Cisco router or PIX can also run many services besides just firewalling, and we have all heard about certain Cisco vulnerabilities over the past year. The Cisco box that faces the Internet has to be properly hardened, same as the Linux box. The biggest factor to me would be the throughput. A properly hardened Linux box can easily give security that is equal to any of the hardware firewalls, and iptables/Linux is plenty secure for corporate environments as well as being flexible and well supported!!

VPNs are a bit of a different story. The main advantage is that many of the Cisco routers and the concentrator have IPSEC cards that offload the IPSEC processing. These can greatly improve throughput and performance, which can be a big consideration if you are running certain kinds of applications over the tunnel.

Anyway just my 2 cents.
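
The hardening point discussed in this thread (fewer exposed services on the firewall host) can be checked mechanically. The script below is an added example, not part of any poster's message: it flags listeners that are reachable from the network and absent from an allowlist. The function names `exposed_listeners` and `sample_ss_output`, the allowlist policy (SSH plus IPsec IKE/NAT-T), and the sample data are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a Linux firewall/VPN host for exposed services.
# Live use:  ss -tulnH | exposed_listeners "tcp/22,udp/500,udp/4500"

# Reads `ss -tulnH` lines on stdin; $1 is a comma-separated proto/port
# allowlist. Prints "proto/port address" for every non-loopback listener
# that is not on the allowlist.
exposed_listeners() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 5 {
      port = $5; sub(/.*:/, "", port)       # text after the last colon
      addr = $5; sub(/:[^:]*$/, "", addr)   # text before the last colon
      # Loopback-only listeners are not reachable from the wire.
      if (addr ~ /^127\./ || addr == "[::1]") next
      key = $1 "/" port
      if (!(key in ok)) print key, addr
    }'
}

# Constructed sample in `ss -tulnH` column layout, not from a real host.
sample_ss_output() {
  cat <<'EOF'
tcp   LISTEN 0 128   0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0 128   127.0.0.1:631   0.0.0.0:*
tcp   LISTEN 0 64    0.0.0.0:111     0.0.0.0:*
udp   UNCONN 0 0     0.0.0.0:500     0.0.0.0:*
udp   UNCONN 0 0     0.0.0.0:4500    0.0.0.0:*
udp   UNCONN 0 0     0.0.0.0:111     0.0.0.0:*
tcp   LISTEN 0 128   [::]:22         [::]:*
tcp   LISTEN 0 50    [::1]:25        [::]:*
tcp   LISTEN 0 511   *:80            *:*
EOF
}

# Assumed policy: only SSH and IPsec (IKE on udp/500, NAT-T on udp/4500)
# may listen on external addresses.
sample_ss_output | exposed_listeners "tcp/22,udp/500,udp/4500"
```

Every line the function prints is a service to disable, bind to loopback, or deliberately add to the allowlist; a packet filter in front of it limits who can reach the port but does not remove the listener.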
 
03-17-2006, 01:04 PM   #7
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,115

Original Poster
Rep: Reputation: 58
Do they make firewalls with built-in anti-virus/anti-spyware that can be updated via EEPROMs?

Can anyone recommend some decent firewall hardware appliances that are Linux-based and if just as decent?
 
03-17-2006, 02:21 PM   #8
abegetchell
Member
 
Registered: Mar 2006
Distribution: RHEL, Fedora, Ubuntu
Posts: 32

Rep: Reputation: 15
Quote:
Originally Posted by metallica1973
Can anyone recommend some decent firewall hardware appliances that are Linux-based and if just as decent?
Lots of vendors make "appliance" firewalls based on a hardened Linux install. Nortel has some really good products in this space (http://www.nortel.com/), though they are rather expensive. Their "switched firewall" technology is Linux/Check Point VPN-1 based.
 
  

