Re: Linux firewall vs Windows and Hardware based firewalls

From: Rex Chan (szin_at_optusnet.com.au)
Date: 07/31/03

    Date: Thu, 31 Jul 2003 23:30:43 +1000
    To: debian-user@lists.debian.org
    
    

    On Thu, Jul 31, 2003 at 08:50:21PM +0800, Robert Storey wrote:
    > Everything I've ever read indicates that a hardware-based firewall is
    > more secure and reliable than a PC operating system, be it Linux or
    > Windows. A PC OS has to be complex because it has so many functions to
    > perform, but that adds potential security holes and one can never close
    > them all. Furthermore, Intel-based PCs have some well-known exploits
    > (such as buffer overflows) which are a function of the hardware and
    > there is no real cure because changing the CPU instructions would break
    > backward compatibility. By contrast, a router operating system is very
    > simple and designed to do only one thing, and the hardware (which has no
    > moving parts) is more reliable and uses far less electricity than a PC.
    >
    > A Linux-based firewall is probably good enough for the average home
    > hobbyist, but in a professional environment it doesn't pay to "save
    > money" by recycling an old PC with Linux installed in place of a router.
    >
    > regards,
    > Robert

    Hmm... I'm not an expert and this is my understanding of software and
    hardware firewalls.

    A hardware firewall would probably be more reliable - the security part
    is debatable. A firewall is a firewall - its security comes from its
    configuration. A cut-down firewall/router machine with minimal services
    can be just as secure as a hardware firewall.

    The advantage of a hardware firewall - most likely speed -
    specialised hardware to deal with packet processing and the like.

    This won't be an issue if you're a home user with a few machines but
    for corporate use, with lots of machines and traffic, you want things
    to be speedy and more efficient.

    
