On Tue, 2002-10-15 at 00:26, Jared Valentine wrote:
>
> While it is correct that all security comes down to "software" at some
> point, I would argue that hardware is much more secure. The difference
> between the two is that the hardware manufacturer can build off of a trusted
> base/OS. They can look at the OS line by line and strip out everything not
> essential for the operating of that firewall.

I think that you "DON'T GET" Marcus's comment.

Hardware in this sense is still software - embedded systems. Nothing in the Gartner paper contradicts that. Take a look at Alan Cooper's "The Inmates Are Running the Asylum". There is a big gulf between my 1951 Leica and my 2001 Leica. The latter _is_ all done by software. The former I can open up and see and repair. And so on.

No, the h/w vs s/w issue is more like this. As an example, suppose you have a firewall between two networks of radically differing trust levels. You can make the "hardware" wiring connections in various ways:

Option #1: Connect both sides to the same switch and use VLAN to separate them.

Option #2: Connect each side to a physically separate switch.

The former is relying on s/w. The latter relies on hardware.

Yes, there are issues of "separation of duty" and all that good stuff. But the point is that even though the switch is a piece of hardware, it works by software. Same argument with an ESS-7 vs an old Strowger cross-bar.

You might also check out Bruce Schneier's book "Secrets and Lies" and see his comments on embedded security devices such as those John Pescatore mentions. They are not more invulnerable because they don't have a screen and keyboard and command line.

John Pescatore is blowing smoke. The article is feel-good misinformation.

/anton

--
Interoperability isn't an engineering issue, it's a business issue. Creating the Web -- HTTP plus HTML -- was probably the last instance where standards of global importance were designed and implemented without commercial interference.
Standards have become too important as competitive tools to leave them where they belong, in the hands of engineers. Incompatibility doesn't exist because companies can't figure out how to cooperate with one another. It exists because they don't want to cooperate with one another.
    -- Clay Shirky, 09/15/2000

_______________________________________________
firewall-wizards mailing list
firewall-wizardsat_private
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
This archive was generated by hypermail 2b30 : Tue Oct 15 2002 - 09:03:10 PDT