John Pescatore (VP @ Gartner) wrote a good report/article on just this subject: "Software security is soft security: Hardware is required." I'm sure you can make your own assumptions based on the title of the article. :)

The paper is probably one you must pay for @ Gartner, but I was able to pull up a cache of it from Google:

http://www.google.com/search?q=john+pescatore+%22soft+security%22&btnG=Google+Search&hl=en&lr=&ie=UTF-8&oe=UTF-8

Go to the 2nd link and click on "Cached". You can find the full text of the article. A direct link to the cached article is here (sorry for the long link):

http://216.239.35.100/search?q=cache:31DW9ISP6pwC:builder.com.com/printerfriendly.jhtml%3Fid%3Dr00720020626jdt01.htm+john+pescatore+%22soft+security%22&hl=en&ie=UTF-8

I especially liked the quote: "Throwing more security software at a security problem that is caused by the essentially insecure nature of software is like going to a blind barber -- it can only end badly and, more likely than not, bloodily."

While it is correct that all security comes down to "software" at some point, I would argue that hardware is much more secure. The difference between the two is that the hardware manufacturer can build off of a trusted base/OS. They can look at the OS line by line and strip out everything not essential for the operation of that firewall. A software firewall doesn't enjoy the same operating environment. It lies on top of an inherently unsecure general-purpose operating system (i.e., Windows), and therefore is subject to all of the vulnerabilities of that operating system.

In recent weeks, Bugbear has made the rounds. Bugbear was quite different than many viruses out there in that it disables software firewalls and antivirus software. I'm not recommending that anyone go without a software firewall or antivirus, but your best bet defense will be hardware if you wish to ultimately rely upon that solution. This hardware can be an external firewall appliance, or a PCI/PC Card firewall device located in the Server/Desktop/Laptop.

With this in light, the future looks interesting with things like TCPA/Palladium. What if you could actually trust the operating system?!

Jared Valentine
hiddenat_private

-----Original Message-----
From: firewall-wizards-adminat_private [mailto:firewall-wizards-adminat_private] On Behalf Of Dominic Malig
Sent: Monday, October 14, 2002 8:37 AM
To: firewall-wizardsat_private
Subject: [fw-wiz] Proverbial appliance vs software based firewall

Hi to all,

Given topics discussed here, I am quite sure that this was discussed before -- but any updates on the proverbial firewall appliance vs software firewall 'which is better' discussion (aside from the usuals re hardened OS, cost, etc.)? Would also appreciate comprehensive links so that I can refer to them as sources...

Thanks a lot!

_______________________________________________
firewall-wizards mailing list
firewall-wizardsat_private
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
This archive was generated by hypermail 2b30 : Tue Oct 15 2002 - 05:38:38 PDT