Archived from groups: comp.security.firewalls (More info?)

I am running Norton Internet Security Personal Firewall - but was
wondering - would security, speed, and memory requirements be any better
using a router with a hardware firewall?

Archived from groups: comp.security.firewalls (More info?)

If you're talking about using a NAT router like the popular Lynksis,
D-link..... as a "hardware firewall" you would get more speed, BUT those
security systems are only good for keeping bad traffic out they don't stop
programs like torjan horse, keyloggers etc from communicating out to the
Internet. A solution involving both your Norton software and a NAT router
would be best.


"Greg" <rezlab_nospam@sbcglobal.net> wrote in message
news:6eyIc.9810$nh1.9702@newssvr25.news.prodigy.com...
> I am running Norton Internet Security Personal Firewall - but was
> wondering - would security, speed, and memory requirements be any better
> using a router with a hardware firewall?
>
>
>

Archived from groups: comp.security.firewalls (More info?)

"Greg" <rezlab_nospam@sbcglobal.net> wrote in message
news:6eyIc.9810$nh1.9702@newssvr25.news.prodigy.com...
> I am running Norton Internet Security Personal Firewall - but was
> wondering - would security, speed, and memory requirements be any better
> using a router with a hardware firewall?

Yes! Freeing up your computer to do your computing and leaving firewalls to
other hardware devices will definately improve your system's performance.
BTW, I use only a NAT router and a good AV program and my network is up 24/7
without issue. Safe computing is the best defense.

Archived from groups: comp.security.firewalls (More info?)

Paris wrote:

> If you're talking about using a NAT router like the popular Lynksis,
> D-link..... as a "hardware firewall" you would get more speed, BUT those
> security systems are only good for keeping bad traffic out they don't stop
> programs like torjan horse, keyloggers etc from communicating out to the
> Internet.

Neither do Personal Firewalls stop malware.

> A solution involving both your Norton software and a NAT router
> would be best.

A solution involving a skilled user *is* best.

Wolfgang
--
A foreign body and a foreign mind
never welcome in the land of the blind.
from 'Not one of us', (c) 1980 Peter Gabriel

Archived from groups: comp.security.firewalls (More info?)

Maybe in this specific case a life and a girlfriend would be "best"
;-0
"Wolfgang Kueter" <wolfgang@shconnect.de> wrote in message
news:ccuvtf$ff0$3@news.shlink.de...
> Paris wrote:
>
> > If you're talking about using a NAT router like the popular Lynksis,
> > D-link..... as a "hardware firewall" you would get more speed, BUT
those
> > security systems are only good for keeping bad traffic out they don't
stop
> > programs like torjan horse, keyloggers etc from communicating out to the
> > Internet.
>
> Neither do Personal Firewalls stop malware.
>
> > A solution involving both your Norton software and a NAT router
> > would be best.
>
> A solution involving a skilled user *is* best.
>
> Wolfgang
> --
> A foreign body and a foreign mind
> never welcome in the land of the blind.
> from 'Not one of us', (c) 1980 Peter Gabriel

Archived from groups: comp.security.firewalls (More info?)

yes, it would. Hardwaer based firewalls are designed to handle these
specific areas of operation and do this faster than software based fws.
However, they are also more expensive

"Greg" <rezlab_nospam@sbcglobal.net> wrote in message
news:6eyIc.9810$nh1.9702@newssvr25.news.prodigy.com...
> I am running Norton Internet Security Personal Firewall - but was
> wondering - would security, speed, and memory requirements be any better
> using a router with a hardware firewall?
>
>
>

Archived from groups: comp.security.firewalls (More info?)

A hardware firewall, like a router, protects against incoming.
It doesn't prevent outgoing; whereas a good software firewall will do
both.

On Mon, 19 Jul 2004 16:21:11 +0200, "Observer" <abc@def.com> wrote:

>yes, it would. Hardwaer based firewalls are designed to handle these
>specific areas of operation and do this faster than software based fws.
>However, they are also more expensive
>
>"Greg" <rezlab_nospam@sbcglobal.net> wrote in message
>news:6eyIc.9810$nh1.9702@newssvr25.news.prodigy.com...
>> I am running Norton Internet Security Personal Firewall - but was
>> wondering - would security, speed, and memory requirements be any better
>> using a router with a hardware firewall?
>>
>>
>>
>

Archived from groups: comp.security.firewalls (More info?)

Nobody You Need To Know wrote:
>
> A hardware firewall, like a router, protects against incoming.
> It doesn't prevent outgoing; whereas a good software firewall will do
> both.

Which hardware "firewall" can't do egress filtering?

Thor

--
http://www.anta.net/

Archived from groups: comp.security.firewalls (More info?)

In article <p0vnf0pfojnpn6h5h8pc2qtglle6ba3a5c@4ax.com>, Nobody You Need
To Know <> says...
> A hardware firewall, like a router, protects against incoming.
> It doesn't prevent outgoing; whereas a good software firewall will do
> both.

A router is NOT a firewall, you can't suggest that a ROUTER is a
firewall. A hardware firewall WILL block outbound and inbound
connections based on defined rule sets. If you had said "A ROUTER, not
like a firewall, does not limit outbound" then you would have been on
the right track.

In most cases, many of the new routers provide the ability to block
outbound by port (or port range), but many do not, and that does NOT
make them a firewall by definition. None of the routers I've seen and
determine type of traffic, only block ports.

NOTE: ANY hardware firewall blocks in BOTH directions. Routers are just
simple network translation devices that are over-hyped by marketing
types as Firewalls.

A good software firewall, running on a personal computer, is very easily
compromised by the owner of the computer as the are very often required
to answer questions about permitting services/applications from
accessing in/out bound ports. Most users, the non-technical ones, that
don't have more than one computer, end up allowing their entire private
lan to be trusted, which is the same as not having a personal firewall.

> On Mon, 19 Jul 2004 16:21:11 +0200, "Observer" <abc@def.com> wrote:
>
> >yes, it would. Hardwaer based firewalls are designed to handle these
> >specific areas of operation and do this faster than software based fws.
> >However, they are also more expensive
> >
> >"Greg" <rezlab_nospam@sbcglobal.net> wrote in message
> >news:6eyIc.9810$nh1.9702@newssvr25.news.prodigy.com...
> >> I am running Norton Internet Security Personal Firewall - but was
> >> wondering - would security, speed, and memory requirements be any better
> >> using a router with a hardware firewall?
> >>
> >>
> >>
> >
>
>

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Archived from groups: comp.security.firewalls (More info?)

Nobody You Need To Know <> wrote in
news0vnf0pfojnpn6h5h8pc2qtglle6ba3a5c@4ax.com:

> A hardware firewall, like a router, protects against incoming.
> It doesn't prevent outgoing; whereas a good software firewall will do
> both.
>

In the link, it explains a network FW which FW appliances and some
routers do meet the requirements.

There are a few other things in the link you may want to learn about FW
(s) hardware and software.

http://www.firewall-software.com/f [...] ll_do.html

Duane

Archived from groups: comp.security.firewalls (More info?)

I'm sorry but I consider this threat a nonsense. What is a hardware
firewall? In computing since 70s the hardware runs software and it is the
software the one to perform a task... like being a firewall.

So? Again... what a hardware firewall is? Is CISCO PIX a hardware firewall?
CISCO PIX 515e is an Intel 486 hardware. Any diference with a Intel 486
rackable PC? They (CISCO) run something like IOS firewall. The PC can run
many FW software.

What about the appliances tha run a tyne Linux distro tu run firewall? Are
they hard or soft? A full nonsense.

So the question could be... what fw is best? That's all.

Best Regards,
Fidelio


> "Greg" <rezlab_nospam@sbcglobal.net> wrote in message
> news:6eyIc.9810$nh1.9702@newssvr25.news.prodigy.com...
> > I am running Norton Internet Security Personal Firewall - but was
> > wondering - would security, speed, and memory requirements be any better
> > using a router with a hardware firewall?

Archived from groups: comp.security.firewalls (More info?)

Fidelio wrote:

> What is a hardware
> firewall? In computing since 70s the hardware runs software and it is the
> software the one to perform a task... like being a firewall.

You're right - the terms "hardware firewall" and "software firewall" are
technically incorrect. However, it is obvious that there is a need to
distinguish between workstation software such as ICF, Sygate or Tiny, and,
OTOH, external, dedicated firewalls.

> What about the appliances tha run a tyne Linux distro tu run firewall? Are
> they hard or soft?

From a penetrability viewpoint, probably the greatest difference is that
Linux firewalls often are used to protect other hosts, whereas Windows
"software firewalls" are typically used to protect only the workstation they
are running on.

Two important questions to ask are:

- can the firewall be axiomatically compromised by obtaining superuser
access on a/the host it protects?

- is the firewall always able to map connection attempts to specific
processes?

Maybe you would like to write a draft specification of which terminology
should be universally adopted.

Thor

--
http://www.anta.net/

Archived from groups: comp.security.firewalls (More info?)

On Tue, 20 Jul 2004 09:26:57 +0200, Fidelio spoketh

>I'm sorry but I consider this threat a nonsense. What is a hardware
>firewall? In computing since 70s the hardware runs software and it is the
>software the one to perform a task... like being a firewall.
>
>So? Again... what a hardware firewall is? Is CISCO PIX a hardware firewall?
>CISCO PIX 515e is an Intel 486 hardware. Any diference with a Intel 486
>rackable PC? They (CISCO) run something like IOS firewall. The PC can run
>many FW software.
>
>What about the appliances tha run a tyne Linux distro tu run firewall? Are
>they hard or soft? A full nonsense.
>
>So the question could be... what fw is best? That's all.
>
>Best Regards,
>Fidelio
>

"Hardware firewall" has become (like it or not) synonymous with firewall
appliance. Now the problem is how to define a firewall appliance ...

The way I try to put it is: A firewall appliance is a dedicated unit
that does not run a user-oriented operating system, has no regular
computer connections (ie keyboard, mouse, monitor) other than ethernet
and a console/serial port, and it's only task is to work as a firewall.

That makes Pix a firewall appliance, as well as all the watchguards,
sonicwalls, the Nokia Checkpoint boxes and the Symantec gateway security
boxes. Checkpoint installed on a 1U Windows (or Unix) server does not
meet these criteria.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

Archived from groups: comp.security.firewalls (More info?)

In article <g7vpf0tr6sfr45kdrqlbllbmh4fbfqm1ig@4ax.com>,
badnews@hansenonline.net says...
> "Hardware firewall" has become (like it or not) synonymous with firewall
> appliance. Now the problem is how to define a firewall appliance ...
>
> The way I try to put it is: A firewall appliance is a dedicated unit
> that does not run a user-oriented operating system, has no regular
> computer connections (ie keyboard, mouse, monitor) other than ethernet
> and a console/serial port, and it's only task is to work as a firewall.
>
> That makes Pix a firewall appliance, as well as all the watchguards,
> sonicwalls, the Nokia Checkpoint boxes and the Symantec gateway security
> boxes. Checkpoint installed on a 1U Windows (or Unix) server does not
> meet these criteria.

Very good example Lars - I'll have to remember this in the fight to
explain the different to people that are either trolls or just want to
argue.

One other thing I use to separate "appliances" from non-appliances - can
you install any other (non-firewall) application on the device, if you
can, then it's not a firewall appliance. I can't think of one appliance
that I could install MS Office or SendMail on.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Archived from groups: comp.security.firewalls (More info?)

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b66d3cb97a0967f98a7bb@news-server.columbus.rr.com...
> In article <g7vpf0tr6sfr45kdrqlbllbmh4fbfqm1ig@4ax.com>,
> badnews@hansenonline.net says...
> > "Hardware firewall" has become (like it or not) synonymous with firewall
> > appliance. Now the problem is how to define a firewall appliance ...
> >
> > The way I try to put it is: A firewall appliance is a dedicated unit
> > that does not run a user-oriented operating system, has no regular
> > computer connections (ie keyboard, mouse, monitor) other than ethernet
> > and a console/serial port, and it's only task is to work as a firewall.
> >
> > That makes Pix a firewall appliance, as well as all the watchguards,
> > sonicwalls, the Nokia Checkpoint boxes and the Symantec gateway security
> > boxes. Checkpoint installed on a 1U Windows (or Unix) server does not
> > meet these criteria.
>
> Very good example Lars - I'll have to remember this in the fight to
> explain the different to people that are either trolls or just want to
> argue.
>
> One other thing I use to separate "appliances" from non-appliances - can
> you install any other (non-firewall) application on the device, if you
> can, then it's not a firewall appliance. I can't think of one appliance
> that I could install MS Office or SendMail on.
>
> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)

I'm not familiar with "hardware firewalls", never having used one. The term
appliance seems a little awkward, but any way that you describe it, it would
necessarily have to be software driven. The only question I would have
would be the updating of the software in the "appliance" (hardware
firewall). How often is this updated and how? Thinking further, I used a
2Wire DSL interface for a while a couple of years ago. Would this be
classified as a "hardware firewall/appliance" that is being talked about?

DDDD