NFR Wizards Archives: RE: Hardware vs. Software firewall reliab

RE: Hardware vs. Software firewall reliability


Lart (larthacksec.org)
Thu, 9 Sep 1999 21:00:28 -0400


: -----Original Message-----
: From: owner-firewall-wizardslists.nfr.net
: [mailto:owner-firewall-wizardslists.nfr.net]On Behalf Of Marcus J.
: Ranum
: Sent: Wednesday, September 08, 1999 9:50 PM
: To: firewall-wizardsnfr.net
: Subject: Re: Hardware vs. Software firewall reliability
:
:
: Bill Stout wrote:
: >I notice that more firewalls are of the hardware type.
:
: Yup. It's because vendors are sick of being tortured over operating
: system issues, so they choose to hide it. If you come out with an
: overtly UNIX product, the NT heads will scream until you make an NT
: version and then the various UNIX factions will bicker over which
: UNIX flavor and hardware you support.

The "black box" vendors, however, seem to have chosen (for the most part),
an Intel x86 CPU and some form of x86 Unix (FreeBSD and Linux primarily).
Take for example the Nokia/VPN-1 boxen. At the core, they run what's
basically FreeBSD. It's been significantly modified, but it's still FreeBSD
at the core. Same goes for Internet Devices' (now Alcatel) Fort Knox.

Personally speaking, I love watching NT guys shriek in terror as they watch
me configure an NT box for use with FireWall-1. I start by removing all of
those pesky network services like Server and Workstation. They tell me how
NT won't work, that it needs those services just to boot. Bzzzzz. It's
really quite fun to watch the look of panic, and then the puzzlement when
you tell them that you just turned their precious NT box into an IP router that
happens to look like Windows....

--lart


