Security Basics mailing list archives
RE: Firewall/Router: Dedicated Server or Appliance?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 2 Nov 2005 11:26:14 -0800
There is generally not much special about "hardware firewalls" or appliances... they are just another computer.
Except that "another computer" will probably be running a general-purpose operating system which exposes a file system for storing arbitrary binaries and a command interface by which they can be launched. An appliance may not expose those features, *if* they are even present at all. Collective wisdom is that one should run as little extraneous code as possible on a firewall, not least because flaws in that additional code may enable bypass of the firewall functionality. But in a frugal business environment, it may be hard to resist pressure to host additional services on a generic host that happens to provide the firewall service. It can be much easier to resist this pressure if an appliance is deployed -- "Sorry, the firewall can't do that...." David Gillett
Current thread:
- Firewall/Router: Dedicated Server or Appliance? Nuno Marques (Nov 01)
- Re: Firewall/Router: Dedicated Server or Appliance? Fred Cohen (Nov 02)
- Re: Firewall/Router: Dedicated Server or Appliance? André Gil (Nov 02)
- Re: Firewall/Router: Dedicated Server or Appliance? Ivan . (Nov 02)
- Re: Firewall/Router: Dedicated Server or Appliance? Bryan S. Sampsel (Nov 02)
- <Possible follow-ups>
- Re: Firewall/Router: Dedicated Server or Appliance? anonymous (Nov 02)
- RE: Firewall/Router: Dedicated Server or Appliance? David Gillett (Nov 02)
- RE: Firewall/Router: Dedicated Server or Appliance? Bryan S. Sampsel (Nov 03)
- RE: Firewall/Router: Dedicated Server or Appliance? David Gillett (Nov 04)
- RE: Firewall/Router: Dedicated Server or Appliance? Bryan S. Sampsel (Nov 04)
- RE: Firewall/Router: Dedicated Server or Appliance? David Gillett (Nov 02)