[dba-Tech] Software Firewalls

John W. Colby jwcolby at colbyconsulting.com
Tue Dec 7 16:50:46 CST 2004


A review for that one.

http://reviews-zdnet.com.com/Netgear_WGT624_108Mbps_wireless_firewall_router
/4505-3319_16-30551639.html

I bought this one...

http://reviews.cnet.com/D_Link_DI_624_AirPlus_Xtreme_G_router/4505-3319_7-20
817312-2.html?tag=glance

John W. Colby
www.ColbyConsulting.com 

Contribute your unused CPU cycles to a good cause:
http://folding.stanford.edu/

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Francisco Tapia
Sent: Tuesday, December 07, 2004 5:23 PM
To: Discussion of Hardware and Software issues
Subject: Re: [dba-Tech] Software Firewalls


speaking of software/hardware firewalls, I was out looking at this one...
WGT624 Netgear Router + Firewall (NAT+SPI) protection :)



On Tue, 7 Dec 2004 13:32:22 -0600, John Bartow <john at winhaven.net> wrote:
> I agree with you on principal but that too depends of the situation.
> 
> 
> 
> -----Original Message-----
> From: dba-tech-bounces at databaseadvisors.com
> [mailto:dba-tech-bounces at databaseadvisors.com]On Behalf Of Drew Wutka
> Sent: Tuesday, December 07, 2004 12:15 PM
> To: Discussion of Hardware and Software issues
> Subject: RE: [dba-Tech] Software Firewalls
> 
> Of course, a proxy removes that issue too.  A hardware firewall, with 
> the proxy allowing internet access, boom, done.  Faster firewall, and 
> faster internet connection (across a network).
> 
> Drew
> 
> -----Original Message-----
> From: dba-tech-bounces at databaseadvisors.com
> [mailto:dba-tech-bounces at databaseadvisors.com]On Behalf Of John Bartow
> Sent: Tuesday, December 07, 2004 12:08 PM
> To: Discussion of Hardware and Software issues
> Subject: RE: [dba-Tech] Software Firewalls
> 
> John,
> Of course the one thing the hardware firewall can never do is protect 
> from malicious programs inside the firewall which a cheap piece of 
> software on each computer will do. This may not be an issue for most 
> one PC developers but once you put together a network and/or support 
> clients with networks this does become an issue. You can avoid using 
> software firewalls by using internal checkpoint type devices that act 
> as firewalls between networks segments but I can't say if that is less 
> expensive or better than having a basic software firewall component on 
> each computer. Probably really depends on each individual situation.
> 
> John B.
> 
> -----Original Message-----
> From: dba-tech-bounces at databaseadvisors.com
> [mailto:dba-tech-bounces at databaseadvisors.com]On Behalf Of John W. 
> Colby
> Sent: Tuesday, December 07, 2004 11:13 AM
> To: 'Discussion of Hardware and Software issues'
> Subject: RE: [dba-Tech] Software Firewalls
> 
> In fact a hardware firewall usually does everything that a software 
> firewall does, plus more.  It is unusual for example for software 
> firewalls to do stateful packet inspection.  Doing so is extremely 
> processor intensive.  A good hardware firewall has a co-processor out 
> in the router that does that stuff and offloads the workstation from 
> doing that.  IF you have a good hardware firewall, and the cheaper 
> routers are NOT firewalls or are very limited firewalls, then you 
> truly do not need a software firewall.  I know of nothing that a 
> software firewall does that a good hardware firewall cannot be made to 
> do.
> 
> Furthermore, the hardware firewall can be made to do it for ALL 
> workstations at one fell swoop, vs. having to write rules and get them 
> applied to each and every workstation's software firewall.
> 
> I am NOT recommending that everyone out there get rid of their 
> zonealarm.  I am saying however that if you spend the bucks on a good 
> router with a good hardware firewall built into it, and you set it up 
> correctly, then you can safely get rid of Zonealarm (or whatever you 
> use).
> 
> John W. Colby
> www.ColbyConsulting.com
> 
> Contribute your unused CPU cycles to a good cause: 
> http://folding.stanford.edu/
> 
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com 
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com
> 
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com 
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com
> 
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com 
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com
> 


-- 
-Francisco
http://pcthis.blogspot.com | PC news with out the jargon!
_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com






More information about the dba-Tech mailing list