David Coulson on 4 Feb 2012 05:35:16 -0800



Re: [PLUG] Quick & dirty IP blocking


On 2/4/12 7:04 AM, Rich Freeman wrote:

> A hardware firewall can help since it runs a less-complex OS which is
> likely to be better audited.  However, even hardware firewalls can in
> theory contain vulnerabilities, and perhaps those vulnerabilities
> could be used to traverse the firewall.

I'd say that 99% of firewall appliances (I hate the term 'hardware firewall') run some variant of Linux or BSD under the hood. You could also argue there have been more vulnerabilities in the last few years for Cisco's ASA product line (which is perhaps the most widely deployed appliance firewall platform, if you include the old PIX stuff) than there have been for the IP stack in Linux.

Not to say one or the other is perfect, but the term 'hardware firewall' somehow implies there is something more secure or efficient in place, which rarely is the case.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug