John Bartow
john at winhaven.net
Tue Dec 7 13:32:22 CST 2004
I agree with you on principal but that too depends of the situation. -----Original Message----- From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com]On Behalf Of Drew Wutka Sent: Tuesday, December 07, 2004 12:15 PM To: Discussion of Hardware and Software issues Subject: RE: [dba-Tech] Software Firewalls Of course, a proxy removes that issue too. A hardware firewall, with the proxy allowing internet access, boom, done. Faster firewall, and faster internet connection (across a network). Drew -----Original Message----- From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com]On Behalf Of John Bartow Sent: Tuesday, December 07, 2004 12:08 PM To: Discussion of Hardware and Software issues Subject: RE: [dba-Tech] Software Firewalls John, Of course the one thing the hardware firewall can never do is protect from malicious programs inside the firewall which a cheap piece of software on each computer will do. This may not be an issue for most one PC developers but once you put together a network and/or support clients with networks this does become an issue. You can avoid using software firewalls by using internal checkpoint type devices that act as firewalls between networks segments but I can't say if that is less expensive or better than having a basic software firewall component on each computer. Probably really depends on each individual situation. John B. -----Original Message----- From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com]On Behalf Of John W. Colby Sent: Tuesday, December 07, 2004 11:13 AM To: 'Discussion of Hardware and Software issues' Subject: RE: [dba-Tech] Software Firewalls In fact a hardware firewall usually does everything that a software firewall does, plus more. It is unusual for example for software firewalls to do stateful packet inspection. Doing so is extremely processor intensive. A good hardware firewall has a co-processor out in the router that does that stuff and offloads the workstation from doing that. IF you have a good hardware firewall, and the cheaper routers are NOT firewalls or are very limited firewalls, then you truly do not need a software firewall. I know of nothing that a software firewall does that a good hardware firewall cannot be made to do. Furthermore, the hardware firewall can be made to do it for ALL workstations at one fell swoop, vs. having to write rules and get them applied to each and every workstation's software firewall. I am NOT recommending that everyone out there get rid of their zonealarm. I am saying however that if you spend the bucks on a good router with a good hardware firewall built into it, and you set it up correctly, then you can safely get rid of Zonealarm (or whatever you use). John W. Colby www.ColbyConsulting.com Contribute your unused CPU cycles to a good cause: http://folding.stanford.edu/ _______________________________________________ dba-Tech mailing list dba-Tech at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-tech Website: http://www.databaseadvisors.com _______________________________________________ dba-Tech mailing list dba-Tech at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-tech Website: http://www.databaseadvisors.com