Security Basics mailing list archives

RE: Firewall/Router: Dedicated Server or Appliance?


From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 2 Nov 2005 11:26:14 -0800

There is generally not much special about "hardware 
firewalls" or appliances... they are just another computer.

  Except that "another computer" will probably be running a
general-purpose operating system which exposes a file system
for storing arbitrary binaries and a command interface by which 
they can be launched.  An appliance may not expose those features,
*if* they are even present at all.

  Collective wisdom is that one should run as little extraneous
code as possible on a firewall, not least because flaws in that
additional code may enable bypass of the firewall functionality.
But in a frugal business environment, it may be hard to resist
pressure to host additional services on a generic host that 
happens to provide the firewall service.  It can be much easier
to resist this pressure if an appliance is deployed -- "Sorry,
the firewall can't do that...."

David Gillett


