Francisco Tapia
fhtapia at gmail.com
Tue Dec 7 16:22:52 CST 2004
speaking of software/hardware firewalls, I was out looking at this one... WGT624 Netgear Router + Firewall (NAT+SPI) protection :) On Tue, 7 Dec 2004 13:32:22 -0600, John Bartow <john at winhaven.net> wrote: > I agree with you on principal but that too depends of the situation. > > > > -----Original Message----- > From: dba-tech-bounces at databaseadvisors.com > [mailto:dba-tech-bounces at databaseadvisors.com]On Behalf Of Drew Wutka > Sent: Tuesday, December 07, 2004 12:15 PM > To: Discussion of Hardware and Software issues > Subject: RE: [dba-Tech] Software Firewalls > > Of course, a proxy removes that issue too. A hardware firewall, with the > proxy allowing internet access, boom, done. Faster firewall, and faster > internet connection (across a network). > > Drew > > -----Original Message----- > From: dba-tech-bounces at databaseadvisors.com > [mailto:dba-tech-bounces at databaseadvisors.com]On Behalf Of John Bartow > Sent: Tuesday, December 07, 2004 12:08 PM > To: Discussion of Hardware and Software issues > Subject: RE: [dba-Tech] Software Firewalls > > John, > Of course the one thing the hardware firewall can never do is protect from > malicious programs inside the firewall which a cheap piece of software on > each computer will do. This may not be an issue for most one PC developers > but once you put together a network and/or support clients with networks > this does become an issue. You can avoid using software firewalls by using > internal checkpoint type devices that act as firewalls between networks > segments but I can't say if that is less expensive or better than having a > basic software firewall component on each computer. Probably really depends > on each individual situation. > > John B. > > -----Original Message----- > From: dba-tech-bounces at databaseadvisors.com > [mailto:dba-tech-bounces at databaseadvisors.com]On Behalf Of John W. Colby > Sent: Tuesday, December 07, 2004 11:13 AM > To: 'Discussion of Hardware and Software issues' > Subject: RE: [dba-Tech] Software Firewalls > > In fact a hardware firewall usually does everything that a software firewall > does, plus more. It is unusual for example for software firewalls to do > stateful packet inspection. Doing so is extremely processor intensive. A > good hardware firewall has a co-processor out in the router that does that > stuff and offloads the workstation from doing that. IF you have a good > hardware firewall, and the cheaper routers are NOT firewalls or are very > limited firewalls, then you truly do not need a software firewall. I know > of nothing that a software firewall does that a good hardware firewall > cannot be made to do. > > Furthermore, the hardware firewall can be made to do it for ALL workstations > at one fell swoop, vs. having to write rules and get them applied to each > and every workstation's software firewall. > > I am NOT recommending that everyone out there get rid of their zonealarm. I > am saying however that if you spend the bucks on a good router with a good > hardware firewall built into it, and you set it up correctly, then you can > safely get rid of Zonealarm (or whatever you use). > > John W. Colby > www.ColbyConsulting.com > > Contribute your unused CPU cycles to a good cause: > http://folding.stanford.edu/ > > _______________________________________________ > dba-Tech mailing list > dba-Tech at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/dba-tech > Website: http://www.databaseadvisors.com > > _______________________________________________ > dba-Tech mailing list > dba-Tech at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/dba-tech > Website: http://www.databaseadvisors.com > > _______________________________________________ > dba-Tech mailing list > dba-Tech at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/dba-tech > Website: http://www.databaseadvisors.com > -- -Francisco http://pcthis.blogspot.com | PC news with out the jargon!