RE: Firewall: dedicated equipament x Unix workstation

[Gary Crumrine <gcrum () us-state gov>]

The wisdom from the past used to point that way, but I have had a 
change in heart lately.  After trying to convince clients that they 
need a box for a firewall, a box for virus checking, a box for 
intrusion detection, a box for RAS dialin, a box for a mail server, a 
box for a web server, and a box for an auth server for VPNs... yadda 
yadda yadda.. their eyes just glaze over and they walk away mumbling 
to themselves.  There we go shooting ourselves in the foot again.

I think the smart visionary companies are starting to incorporate 
more features, and technologies into one integrated package.  I also 
think that this is the real goal of all the recent acquisitions.

The vendors that are able to put this functionality together in a 
nice tight package and wrap it with a bow are going to control the 
market share down the road.

Just my opinion, for what it is worth.  Sorry if I let someone's cat 
out of the bag.  But damn it would be nice to have all this in one 
nice neat package, cost under 10K and have it work the first time out 
of the box without having to load a zillion patches in it.

A little too Utopian perhaps?

Heck, we can't get beyond the UNIX vs NT debate.  Much less agree on 
this sort of mega issue.
-----Original Message-----
From:   Carlos Henrique Bauer [SMTP:bauer () atlas unisinos tche br]
Sent:   Thursday, October 01, 1998 10:23 AM
To:     firewall-wizards () nfr net
Subject:        Firewall: dedicated equipament x Unix workstation

Hi,

Some people believe that firewalls running in a dedicated network
device are more secure than the ones running on a generic Unix
workstation.

Is that true, a myth or just a matter of taste?

Best regards,

Carlos Bauer