David Coulson on 4 Feb 2012 05:35:16 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Quick& dirty IP blocking

On 2/4/12 7:04 AM, Rich Freeman wrote:

A hardware firewall can help since it runs a less-complex OS which is
likely to be better audited.  However, even hardware firewalls can in
theory contain vulnerabilities, and perhaps those vulnerabilities
could be used to traverse the firewall.
I'd say that 99% of firewall appliances (I hate the term 'hardware firewall') run some variant of Linux or BSD under the hood. You could also argue there have been more vulnerabilities in the last few years for Cisco's ASA product line (which is perhaps the most widely deployed appliance firewall platform, if you include the old Pix stuff) than there have been for the IP stack in Linux.

Not to say one or the other is perfect, but the term 'hardware firewall' somehow implies there is something more secure or efficient in place, which rarely is the case.
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug