03-15-2006, 05:51 PM
|
#1
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Rep:
|
Software Firewalls VS Hardware Firewalls
Here are my questions:
In a corporate environment is a software firewall ever used or is a hardware firewall almost always used?
What is the difference between a software firewall and a hardware firewall? The only difference that I can come up with is that the hardware firewall is stored on RAM chips and is updated through firmware updates and is harder to compromise because of fewer services that are running that can be exploited, and a software firewall sits on top of an OS like Linux (IPTABLES), which has many more possibilities of being cracked because of several services that could possibly be running that a cracker can attack. Is this correct?
How reliable is Linux VPN software? Is it reliable enough for a corporate environment or would it be better to run a hardware VPN unit like a CISCO concentrator 3000?
|
|
|
03-15-2006, 11:18 PM
|
#2
|
Member
Registered: Feb 2005
Distribution: Slack/Debian
Posts: 163
Rep:
|
It depends on your environment and budget I guess. The company I work for uses PIX hardware firewalls for protecting the network and servers, with software firewalls on workstations.
Personally, I would trust a good firewall appliance over a software firewall any day.
EDIT: We use hardware VPNs as well (Juniper)
Last edited by camh; 03-15-2006 at 11:21 PM.
|
|
|
03-16-2006, 05:27 AM
|
#3
|
LQ Newbie
Registered: Mar 2006
Posts: 1
Rep:
|
Quote:
Originally Posted by camh
It depends on your environment and budget I guess. The company I work for uses PIX hardware firewalls for protecting the network and servers, with software firewalls on workstations.
Personally, I would trust a good firewall appliance over a software firewall any day.
EDIT: We use hardware VPNs as well (Juniper)
|
I usually find it's more important that the firewall is well configured/bolted down rather than whether it is S/W or H/W. I have experienced both well and poorly configured H/W and S/W firewalls.
|
|
|
03-16-2006, 06:42 AM
|
#4
|
Senior Member
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168
Rep:
|
burning an eeprom: the mysterious and magical process that turns unreliable software into reliable hardware.
|
|
|
03-16-2006, 09:34 AM
|
#5
|
Member
Registered: Mar 2006
Distribution: RHEL, Fedora, Ubuntu
Posts: 32
Rep:
|
Quote:
Originally Posted by metallica1973
Here are my questions:
In a corporate environment is a software firewall ever used or is a hardware firewall almost always used?
What is the difference between a software firewall and a hardware firewall? The only difference that I can come up with is that the hardware firewall is stored on RAM chips and is updated through firmware updates and is harder to compromise because of fewer services that are running that can be exploited, and a software firewall sits on top of an OS like Linux (IPTABLES), which has many more possibilities of being cracked because of several services that could possibly be running that a cracker can attack. Is this correct?
How reliable is Linux VPN software? Is it reliable enough for a corporate environment or would it be better to run a hardware VPN unit like a CISCO concentrator 3000?
|
As a general rule, when you have fewer moving parts in any given system it is going to be more reliable and harder to compromise - there are simply fewer components to break or be broken into. That being said, I prefer hardware-based firewalls or "soft appliances" such as Nokia firewalls (running IPSO/Check Point VPN-1) or SecurePlatform (commodity hardware running a hardened version of RHEL 3.0 and Check Point VPN-1). My $0.02.
|
|
|
03-16-2006, 10:57 PM
|
#6
|
Member
Registered: Apr 2005
Posts: 131
Rep:
|
Well, what is the Cisco IOS but software? Cisco Pix in some respects IS a software firewall. A Cisco router or Pix can also run many services besides just firewalling and we have all heard about certain Cisco vulnerabilities over the past year. The Cisco box that faces the internet has to be properly hardened, same as the Linux box. The biggest factor to me would be the throughput. A properly hardened Linux box can easily give security that is equal to any of the hardware firewalls and IPtables/Linux is plenty secure for corporate environments as well as being flexible and well supported as well!!
VPNs are a bit of a different story. The main advantage is many of the Cisco routers and the concentrator have IPSEC cards that offload the IPSEC processing. These can greatly improve throughput and performance which can be a big consideration if you are running certain kinds of applications over the tunnel.
Anyway just my 2 cents.
|
|
|
03-17-2006, 01:04 PM
|
#7
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
Do they make firewalls with built-in Anti-virus/Anti-Spyware that can be updated via EEPROMs?
Can anyone recommend some decent firewall hardware appliances that are Linux based and if just as decent?
|
|
|
03-17-2006, 02:21 PM
|
#8
|
Member
Registered: Mar 2006
Distribution: RHEL, Fedora, Ubuntu
Posts: 32
Rep:
|
Quote:
Originally Posted by metallica1973
Can anyone recommend some decent firewall hardware appliances that are Linux based and if just as decent?
|
Lots of vendors make "appliance" firewalls based on a hardened Linux install. Nortel has some really good products in this space (http://www.nortel.com/), though they are rather expensive. Their "switched firewall" technology is Linux/Check Point VPN-1 based.
|
|
|
All times are GMT -5.