Hardware Firewall??

Anonymous
August 25, 2005 11:50:25 AM

Archived from groups: comp.security.firewalls

What is the difference between a "hardware firewall" and
a "software firewall"?

If there is a difference why does everybody say that the hardware
one is better?

In my opinion the hardware firewall is the shield/wall between the engine
compartment and the driver/passenger seats in a car!

I can not see that hardware can protect against attacks from Internet.

Is a firewall built into a router a hardware or software firewall?

I have a Freesco router and software firewall running in hardware!

Ralph in Sweden

August 25, 2005 12:15:35 PM

> What is the difference between a "hardware firewall" and
> a "software firewall"?

"Hardware Firewall" is a misnomer. Some top of the line so-called hardware
firewalls have spinning disks.

Most folks in this newsgroup seem to equate hardware firewall with "real"
firewall. Not true. Or sometimes hardware firewall is associated with any
hardware NAT router solution. Not true. Lots more to it.

-Frank
Anonymous
August 25, 2005 4:18:22 PM

Ralph Höglund <ralphot@telia.com> wrote:
> What is the difference between a "hardware firewall" and
> a "software firewall"?

The latter is sold without the hardware, where it's running.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
August 25, 2005 4:18:23 PM

Volker Birk wrote:
> Ralph Höglund <ralphot@telia.com> wrote:
>
>>What is the difference between a "hardware firewall" and
>>a "software firewall"?
>
>
> The latter is sold without the hardware, where it's running.
>
> Yours,
> VB.
So, a router with firewall incorporated is a "Hardware firewall" then, or?
There is really not any particular difference after all?

I mean if you buy a firewall box, the firewall is after all software.

So you mean that it is merely a definition of how it is packaged,
not how good it is to protect.

Why I am asking is that many people talk about "hardware firewall"
as a better solution than the software alternative.

In my opinion it must depend on how the software is configured,
good filtering with stealthed ports and other security functions and so on.

Yours also,
Ralph
Anonymous
August 25, 2005 4:22:04 PM

In article <xjiPe.32351$d5.187191@newsb.telia.net>, ralphot@telia.com
says...
> Volker Birk wrote:
> > Ralph Höglund <ralphot@telia.com> wrote:
> >
> >>What is the difference between a "hardware firewall" and
> >>a "software firewall"?
> >
> >
> > The latter is sold without the hardware, where it's running.
> >
> > Yours,
> > VB.
> So, a router with firewall incorporated is a "Hardware firewall" then, or?
> There is really not any particular difference after all?

A Firewall that acts as a router is not the same as a router with
firewall features - notice the difference?

Both are appliances, so both are hardware devices. Generally anything
that is a dedicated appliance, used for nothing else, is considered a
"Hardware Firewall". Generally that excludes a PC running an application
that is also used to run anything other than that application.

> I mean if you buy a firewall box, the firewall is after all software.

Not quite the same, it's firmware. Firmware is software, but it's not
anything like running an application on a non-dedicated box.

> So you mean that it is merely a definition of how it is packaged,
> not how good it is to protect.

Actually, both - a firewall appliance is a device specifically
setup/coded to do ONE thing and it does it very well. It's specifically
tested to do that one thing and often certified as being able to do that
one thing under all sorts of conditions. As an example, a firewall
running a BSD solution does not run ALL of the BSD solution, only the
parts necessary to act as the firewall and run the firmware coded by the
vendor.

Firewalls (appliances) are also built with less code than a Computer
running an OS and then running a firewall Application. So you have less
chance for error, less chance for exploits, less chance for something to
"slip by" the designers.

> Why I am asking is that many people talk about "hardware firewall"
> as a better solution than the software alternative.

Now you know, and it's 100% true.

> In my opinion it must depend on how the software is configured,
> good filtering with stealthed ports and other security functions and so on.

Nope, hope you understand now why an application running on a PC is not
as secure as an Appliance, and why none of us trust a Firewall
application running on a Non-Dedicated computer.


--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
August 25, 2005 5:12:57 PM

Ralph Höglund <ralphot@telia.com> wrote in
news:xjiPe.32351$d5.187191@newsb.telia.net:

> Volker Birk wrote:
>> Ralph Höglund <ralphot@telia.com> wrote:
>>
>>>What is the difference between a "hardware firewall" and
>>>a "software firewall"?
>>
>>
>> The latter is sold without the hardware, where it's running.
>>
>> Yours,
>> VB.

> So, a router with firewall incorporated is a "Hardware firewall" then,
> or? There is really not any particular difference after all?

Yeah there is a difference such as a packet filtering FW router, a router
using NAT solely as a means of protection and nothing else FW like, and
then there are FW appliances.

>
> I mean if you buy a firewall box, the firewall is after all software.

Yes this is true. However, a router running a packet filtering FW or a FW
appliance is a standalone device. A host based FW runs on a computer and
needs the computer's O/S to function and is only as secure as the O/S is
made to be secure and runs the risk of being attacked and compromised
just like the O/S can be attacked and compromised.

>
> So you mean that it is merely a definition of how it is packaged,
> not how good it is to protect.

You have routers that have FW like abilities but are not running FW
software, packet filtering FW routers, FW appliances, network host based
FW(s) that use two interfaces an Internet facing interface/NIC and
private side network interface/NIC, and then you have the so called
personal FW host based solutions that need an O/S to function that is not
a FW since it's not separating two networks and is machine level
protection that protects the O/S, its services, and Internet applications
that are running on the machine for a computer that has a direct
connection to the Internet.

>
> Why I am asking is that many people talk about "hardware firewall"
> as a better solution than the software alternative.

That depends on the type of FW solution you're talking about. A gateway
computer running a host based network FW and the O/S is secure is just as
good in the protection as a packet filtering FW router or FW appliance.
You're talking about a router that's running NAT only as a limited means
of protection or a PFW solution; they seem to be suspect or questionable
as to how well they protect, IMHO.

>
> In my opinion it must depend on how the software is configured,
> good filtering with stealthed ports and other security functions and
> so on.

Yes, it depends on how well the FW software is configured and for a host
based network FW, it also depends upon how secure is the O/S that it's
running with at the same time along with how well the software is
configured. Plug and go solutions such as packet filtering FW routers or
FW appliances are for the most part preconfigured devices that need very
little setup and have the means to set more complex filtering rules if
need be. A router running solely NAT really has no configuration
abilities to speak of but some have FW like features that can be
configured.

The links may help you in understanding FW(s) and FW solutions.

http://www.vicomsoft.com/knowledge/reference/firewalls1...
http://www.more.net/technical/netserv/tcpip/firewalls/

Duane :) 
Anonymous
August 25, 2005 11:54:04 PM

In article <CKWdna9HhJ0UT5DeRVn-uw@giganews.com>, Frank@SPAM2TRASH.com
says...
> > What is the difference between a "hardware firewall" and
> > a "software firewall"?
>
> "Hardware Firewall" is a misnomer. Some top of the line so-called hardware
> firewalls have spinning disks.
>
> Most folks in this newsgroup seem to equate hardware firewall with "real"
> firewall. Not true. Or sometimes hardware firewall is associated with any
> hardware NAT router solution. Not true. Lots more to it.

I like to think "Appliance" and not Hardware, as an Appliance is
different than a PC (even a dedicated one) running an OS/Application.
Appliances are not able to be used as PC's, they are dedicated devices
with one purpose.

As for Firewall, there are many types of Firewall Solutions, some based
on appliances, some based on PC/Servers with a custom OS or a hardened
OS, and then the Firewall Software and at least two network cards...

NAT Routers, those cheap things you get at BestBuy, are never considered
as Firewalls in my mind/solutions - but they do offer a minimum level of
protection that all home users should have.

--

spam999free@rrohio.com
remove 999 in order to email me
August 26, 2005 1:52:05 PM

On Thu, 25 Aug 2005 07:50:25 GMT, Ralph Höglund <ralphot@telia.com> wrote:

>What is the difference between a "hardware firewall" and
>a "software firewall"?
>
>If there is a difference why does everybody say that the hardware
>one is better?
>
>In my opinion the hardware firewall is the shield/wall between the engine
>compartment and the driver/passenger seats in a car!
>
>I can not see that hardware can protect against attacks from Internet.
>
>Is a firewall built into a router a hardware or software firewall?
>
>I have a Freesco router and software firewall running in hardware!
>
>Ralph in Sweden

Ralph,

A "software" or "personal" firewall runs on the computer that it's protecting,
and protects only that computer. A "hardware" firewall runs on a separate piece
of equipment, and provides perimeter protection, to a group of computers.

Both hardware and software firewalls require an operating system. The hardware
firewall contains a stripped down operating system, that provides only the
ability to examine, and to move, packets between the interfaces (WAN and LAN),
and maybe a small web server that allows you to make configuration changes.

The software firewall uses an operating system that lets you use your computer
for non-firewall purposes, and make changes to reflect how you want to use your
computer.

There are advantages and disadvantages to both. Saying that one is better than
the other is like saying Coke is better than Pepsi, or Chevrolet better than
Ford.

Hardware Firewall.
# Advantages: Smaller and more efficient. Contains less code to exploit.
Contains minimal code that can be exploited by the user. Filters malicious
incoming traffic before it hits the protected computers. Has a dedicated
processor, and dedicated storage, which when in use does not impact use of
protected computers.
# Disadvantages: Has no knowledge of programs running on the protected
computers, so can't effectively filter outgoing traffic. The dedicated
processor, and dedicated storage, is finite in capacity, so must be carefully
chosen for the intended workload. Can be exploited by overload. Requires one
more power connection, and one more network cable. Hardware is not easily
upgradable, except by replacing the firewall itself.

Software Firewall.
# Advantages: More configurable. Since it sits on your desktop, you can make
changes at will. Since it can hook into the operating system, it knows what
programs are running there, and can protect accordingly. Provides individual
protection - if one computer in the LAN gets infected with malware, all
computers running a software firewall are protected. Is easily upgraded, by
adding hardware to the protected computer.
# Disadvantages: More configurable. Since it sits on your desktop, you can make
changes at will. Uses processor power, and storage, which may compete with use
of computer, causing tuning needs, and temptation to disable features. Can be
exploited, thru its many features. Malicious incoming traffic is filtered only
after it hits the computer, and the operating system.

A Freesco firewall appears to be a personal firewall, running on a (hopefully)
dedicated computer running Linux. Linux is an operating system, and has the
features of an operating system. How do you use the Freesco box? Does it
contain any applications, such as a web browser or text editor? Does it support
a monitor and keyboard, or do you configure it thru a web browser? When you
load Freesco, does it strip down the features, to make it more like the
operating system in a "hardware firewall"? All of these questions determine how
versatile it is, and how exploitable it is.

--
Cheers,
Chuck
http://nitecruzr.blogspot.com/
Paranoia is not necessarily a bad thing - it's a normal response from experience.
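
The trade-off listed in the post above (a perimeter box sees only packet headers and cannot tell which program sent them; a host-based filter knows the program but protects only its own machine) can be modelled in a few lines. This is an added example, not part of the original thread; the zone ranges, addresses, program names and rule sets are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed zones: one private LAN behind the perimeter box, everything else is WAN.
ZONES = {"lan": ip_network("192.168.1.0/24"), "wan": ip_network("0.0.0.0/0")}

# Constructed perimeter policy (default deny): (src_zone, dst_zone, proto, dport).
PERIMETER_ALLOW = {("lan", "wan", "tcp", 80), ("lan", "wan", "tcp", 443)}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    program: Optional[str] = None  # visible only to the OS of the sending host


def zone_of(addr: str) -> str:
    """Return the most specific zone that contains addr."""
    ip = ip_address(addr)
    for name, net in sorted(ZONES.items(), key=lambda kv: kv[1].prefixlen, reverse=True):
        if ip in net:
            return name
    raise ValueError(f"no zone for {addr}")


def perimeter_decide(flow: Flow) -> str:
    """Filter on the box between zones: uses packet headers only, never flow.program."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone == dst_zone:
        return "not-seen"  # switched inside one zone, never crosses the box
    key = (src_zone, dst_zone, flow.proto, flow.dport)
    return "allow" if key in PERIMETER_ALLOW else "deny"


@dataclass(frozen=True)
class HostFilter:
    """Filter running on one machine: knows the sending program, sees only its own traffic."""
    address: str
    outbound_programs: dict  # program name -> set of (proto, dport)
    inbound_ports: frozenset = frozenset()

    def decide(self, flow: Flow) -> str:
        if flow.src == self.address:  # outbound: rule is per program
            allowed = self.outbound_programs.get(flow.program, set())
            return "allow" if (flow.proto, flow.dport) in allowed else "deny"
        if flow.dst == self.address:  # inbound: rule is per listening port
            return "allow" if (flow.proto, flow.dport) in self.inbound_ports else "deny"
        return "not-seen"  # traffic of other machines is invisible to this filter


# Constructed sample: one protected PC and four flows.
PC = "192.168.1.10"
HOST_FILTER = HostFilter(PC, {"browser": {("tcp", 80), ("tcp", 443)}})

SAMPLE_FLOWS = {
    "browser to web server": Flow(PC, "203.0.113.5", 443, program="browser"),
    "unknown program to web port": Flow(PC, "203.0.113.9", 443, program="unknown.exe"),
    "internet to file sharing": Flow("198.51.100.7", PC, 445),
    "infected LAN peer to file sharing": Flow("192.168.1.20", PC, 445),
}


def compare(flows=SAMPLE_FLOWS):
    """Return {label: (perimeter verdict, host verdict)} for each flow."""
    return {label: (perimeter_decide(f), HOST_FILTER.decide(f)) for label, f in flows.items()}


if __name__ == "__main__":
    for label, (perimeter, host) in compare().items():
        print(f"{label:36} perimeter={perimeter:9} host={host}")
```

The second and fourth flows are the cases where the two verdicts diverge: identical headers from a different program pass the perimeter, and traffic between two LAN machines never reaches it.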
Anonymous
August 26, 2005 3:57:37 PM

Ralph Höglund <ralphot@telia.com> wrote:
> So, a router with firewall incorporated is a "Hardware firewall" then, or?

Not every firewall implementation is routing. Look at the PIX, for example.

> There is really not any particular difference after all?

A firewall is the concept to have security zones for your network, and
to have a box in between two zones, which is restricting communication
between zones according to your policy.

Software to implement that, especially filtering software, often is
called "firewall" also.

Ready made computers with software "out of the box" to implement this,
are also called "firewalls". This is what is called a "hardware firewall",
it's a product type you can buy.

> So you mean that it is merely a definition of how it is packaged,
> not how good it is to protect.

Yes.

> Why I am asking is that many people talk about "hardware firewall"
> as a better solution than the software alternative.

Of course, a "Personal Firewall" is no firewall at all. It's host
based filtering, not having a firewall between the hosts in one
network and another.

Host based filtering sometimes is a good idea; unfortunately, the
"Personal Firewall" providers are promising heaven and earth in their
advertisements, but delivering questionable products.

So if someone compares filtering routers with "Personal Firewalls"
by calling them "hardware firewall" and "software firewall", I can
understand why to prefer "hardware firewalls". ;-)

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
August 26, 2005 4:01:42 PM

Leythos <void@nowhere.lan> wrote:
> A Firewall that acts as a router is not the same as a router with
> firewall features - notice the difference?

No. Please explain.

> > I mean if you buy a firewall box, the firewall is after all software.
> Not quite the same, it's firmware. Firmware is software, but it's not
> anything like running an application on a non-dedicated box.

This is nonsense. Most people call the software "firmware", which is
booted through ROM or FlashRAM first, when a computer starts. This can be
any software.

> As an example, a firewall
> running a BSD solution does not run ALL of the BSD solution, only the
> parts necessary to act as the firewall and run the firmware coded by the
> vendor.

Of course, it's a good idea, to reduce code to have security. So of
course you're right here, hopefully with any firewall implementation
there is as little code on that machine as possible.

> > Why I am asking is that many people talk about "hardware firewall"
> > as a better solution than the software alternative.
> Now you know, and it's 100% true.

Don't think so.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
August 26, 2005 4:01:43 PM

In article <430ee886@news.uni-ulm.de>, bumens@dingens.org says...
> Leythos <void@nowhere.lan> wrote:
> > A Firewall that acts as a router is not the same as a router with
> > firewall features - notice the difference?
>
> No. Please explain.

It seems that any explanation I give you would be met with no
understanding, so, you might want to re-read the post until you figure
it out.

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
August 26, 2005 4:02:51 PM

Frankster <Frank@spam2trash.com> wrote:
> Most folks in this newsgroup seem to equate hardware firewall with "real"
> firewall. Not true. Or sometimes hardware firewall is associated with any
> hardware NAT router solution. Not true. Lots more to it.

Please explain.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
August 26, 2005 4:02:52 PM

Volker Birk wrote:
> Frankster <Frank@spam2trash.com> wrote:
>
>>Most folks in this newsgroup seem to equate hardware firewall with "real"
>>firewall. Not true. Or sometimes hardware firewall is associated with any
>>hardware NAT router solution. Not true. Lots more to it.
>
>
> Please explain.
>
> Yours,
> VB.

I found an interesting article here:
http://www.smallbusinesscomputing.com/webmaster/article...

Ronald Pacchiano means that software firewall is the firewall you have
installed in the computer you are using, one way of describing it.

I have therefore firewall/router in a separate Freesco-box with
CPU, RAM, power, 1,44 Mb floppy, 2 NIC - one to modem one to switch.

In each of my computers I have F-Secure software firewall and antivirus.
Anonymous
August 26, 2005 4:05:28 PM

Leythos <void@nowhere.lan> wrote:
> I like to think "Appliance" and not Hardware, as an Appliance is
> different than a PC (even a dedicated one) running an OS/Application.

Many appliances are just PC hardware running an OS and some applications.
You can buy them as a ready made box.

> Appliances are not able to be used as PC's, they are dedicated devices
> with one purpose.

Oh, yes, usually it's possible, just like with the WLAN-routers and DSL-
devices. Many of them you can use as Linux or BSD hosts also today.

I already have tried out this.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
August 26, 2005 4:05:29 PM

In article <430ee968@news.uni-ulm.de>, bumens@dingens.org says...
> Leythos <void@nowhere.lan> wrote:
> > I like to think "Appliance" and not Hardware, as an Appliance is
> > different than a PC (even a dedicated one) running an OS/Application.
>
> Many appliances are just PC hardware running an OS and some applications.
> You can buy them as a ready made box.

Just because they have a motherboard and run a limited controlled
language, that does not make them a PC hardware. There are a world of
differences between a controller (which uses some components - like a
CPU/Memory) and a Personal Computer motherboard. I don't expect you to
understand this or to even want to, but you should not assume that any
Firewall Appliance is just a Personal Computer motherboard with some
software.


> > Appliances are not able to be used as PC's, they are dedicated devices
> > with one purpose.
>
> Oh, yes, usually it's possible, just like with the WLAN-routers and DSL-
> devices. Many of them you can use as Linux or BSD hosts also today.
>
> I already have tried out this.

And a home user setting up a Linux box is not going to be as secure as
one purchasing a "Firewall Appliance" by default. Consider all of the
exploits out for nix boxes before you reply.

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
August 26, 2005 4:07:03 PM

In article <AeDPe.32407$d5.187299@newsb.telia.net>, ralphot@telia.com
says...
> Volker Birk wrote:
> > Frankster <Frank@spam2trash.com> wrote:
> >
> >>Most folks in this newsgroup seem to equate hardware firewall with "real"
> >>firewall. Not true. Or sometimes hardware firewall is associated with any
> >>hardware NAT router solution. Not true. Lots more to it.
> >
> >
> > Please explain.
> >
> > Yours,
> > VB.
>
> I found an interesting article here:
> http://www.smallbusinesscomputing.com/webmaster/article...
>
> Ronald Pacchiano means that software firewall is the firewall you have
> installed in the computer you are using, one way of describing it.
>
> I have therefore firewall/router in a separate Freesco-box with
> CPU, RAM, power, 1,44 Mb floppy, 2 NIC - one to modem one to switch.
>
> In each of my computers I have F-Secure software firewall and antivirus.

That would be a Dedicated Firewall Server, which, while not the same as
an Appliance, is many times better than something one runs on their
personal computer that they use for daily use.

There are dedicated servers, appliances, and personal firewall software
solutions.

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
August 26, 2005 6:35:04 PM

Leythos <void@nowhere.lan> wrote:
> In article <430ee886@news.uni-ulm.de>, bumens@dingens.org says...
> > Leythos <void@nowhere.lan> wrote:
> > > A Firewall that acts as a router is not the same as a router with
> > > firewall features - notice the difference?
> > No. Please explain.
> It seems that any explanation I give you would be met with no
> understanding, so, you might want to re-read the post until you figure
> it out.

Hm... this explanation is not very convincing. Please try again.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
August 26, 2005 6:44:38 PM

Leythos <void@nowhere.lan> wrote:
> In article <430ee968@news.uni-ulm.de>, bumens@dingens.org says...
> > Leythos <void@nowhere.lan> wrote:
> > > I like to think "Appliance" and not Hardware, as an Appliance is
> > > different than a PC (even a dedicated one) running an OS/Application.
> > Many appliances are just PC hardware running an OS and some applications.
> > You can buy them as a ready made box.
> Just because they have a motherboard and run a limited controlled
> language, that does not make them a PC hardware.

Yes, of course. Whatever you mean with a "limited controlled language".

> There are a world of
> differences between a controller (which uses some components - like a
> CPU/Memory) and a Personal Computer motherboard.

Not every product, which is called "firewall appliance", consists of
PC hardware. Most of them (if not every) consist of computers, and many
of them run BSD or Linux. Some of them even are built with PC hardware.
Some others even have proprietary operating systems, like the Cisco PIX.

> I don't expect you to
> understand this

You seem to be a little clouded, if I should not interpret this as
impolite.

> or to even want to, but you should not assume that any
> Firewall Appliance is just a Personal Computer motherboard with some
> software.

I never thought that. Why should I? I did not write "any", I wrote
"many". Yes, that's just a single letter, but an important one ;-)

> And a home user setting up a Linux box is not going to be as secure as
> one purchasing a "Firewall Appliance" by default.

People, who are just buying security in boxes, whether they are doing
this by buying a Linux distribution and putting it onto a PC, or purchasing
a "firewall appliance" product and just plugging it in, are not very
secure.

> Consider all of the
> exploits out for nix boxes before you reply.

This has nothing to do with exploits.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
August 26, 2005 10:18:43 PM

Chuck <none@example.net> wrote:
> Both hardware and software firewalls require an operating system.

It is a common mistake to assume, that you need an operating system for
running software (i.e. filtering software to build a "firewall") on a
computer.

It's not true. Operating systems have big advantages, but sometimes it's
a good idea not to have one. For filtering software, in common cases there
will be an operating system.

Sometimes filtering systems are implemented directly in hardware,
though, i.e. through describing the tasks in VHDL, see:

http://en.wikipedia.org/wiki/VHDL

Then you have no software at all. This is not very common.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
August 26, 2005 10:18:44 PM

On 26 Aug 2005 18:18:43 +0200, Volker Birk <*email_address_deleted*> wrote:

>Chuck <none@example.net> wrote:
>> Both hardware and software firewalls require an operating system.
>
>It is a common mistake to assume, that you need an operating system for
>running software (i.e. filtering software to build a "firewall") on a
>computer.
>
>It's not true. Operating systems have big advantages, but sometimes it's
>a good idea not to have one. For filtering software, in common cases there
>will be an operating system.
>
>Sometimes filtering systems are implemented directly in hardware,
>though, i.e. through describing the tasks in VHDL, see:
>
>http://en.wikipedia.org/wiki/VHDL
>
>Then you have no software at all. This is not very common.
>
>Yours,
>VB.

Good points, Volker.

But how many "hardware" firewalls use a VHDL infrastructure? Even the big CISCO
routers have their IOS. IOS is, I suspect, somewhere between an operating
system and VHDL. It's text based, but it has numerous utilities. And it uses
an interface for programming.

Where is VHDL processed? In firmware, or in the hardware itself? And if it has
to be upgraded, how is that done? The WikipediA article just scratches the
surface, and talks about theory.
VHDL is in fact a fairly general-purpose programming language, provided that
you have a simulator on which to run the code. It can read and write files
on the host computer...

My dissertation is just the start, and plenty more details are needed.

--
Cheers,
Chuck
http://nitecruzr.blogspot.com/
Paranoia is not necessarily a bad thing - it's a normal response from experience.
Anonymous
August 26, 2005 11:03:47 PM

Chuck <none@example.net> wrote:
> But how many "hardware" firewalls use a VHDL infrastructure?

Most of them. But this is misleading ;-) VHDL is a language, which is
very common in chip design, so nearly every computer contains chips
designed in VHDL today.

> Even the big CISCO
> routers have their IOS. IOS is, I suspect, somewhere between an operating
> system and VHDL.

IOS is an operating system. Most firewalls of Cisco don't use IOS BTW -
they use PIX OS.

> Where is VHDL processed?

VHDL usually is processed by design software for digital design. Then
the result is used to "burn" FPGAs or to manufacture ASICs.

> And if it has
> to be upgraded, how is that done?

You have to change the chip.

> The WikipediA article just scratches the
> surface, and talks about theory.

Yes. I know it, because I supplied a chip design company with hard- and
software some years ago. Because I'm mainly doing software development,
it was very interesting for me to see, how hardware development is done
there.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
August 27, 2005 4:58:04 AM

begin quotation
from Chuck <none@example.net>
in message <cjgug1tdtiuanbrpv3gsprjqb2e7umscac@4ax.com>
posted at 2005-08-26T16:42
> On 26 Aug 2005 18:18:43 +0200, Volker Birk <*email_address_deleted*> wrote:
>> Sometimes filtering systems are implemented directly in hardware,
>> though, i.e. through describing the tasks in VHDL, see:

>> http://en.wikipedia.org/wiki/VHDL

>> Then you have no software at all. This is not very common.

> Good points, Volker.

> But how many "hardware" firewalls use a VHDL infrastructure? Even the
> big CISCO routers have their IOS. IOS is, I suspect, somewhere between
> an operating system and VHDL. It's text based, but it has numerous
> utilities. And it uses an interface for programming.

"Text based" doesn't really say much about an OS. I think even Windows
could technically be text-based, as in you can make boot floppies which
never boot the GUI. I know OS/2 would boot without the Presentation
Manager (GUI), and we all know that Unix and Unix-like operating systems
pre-date widespread use of GUIs at all.

> Where is VHDL processed? In firmware, or in the hardware itself?

VHDL is used to describe hardware, so it's processed as part of making
the chips themselves.


--
___ _ _____ |*|
/ __| |/ / _ \ |*| Shawn K. Quinn
\__ \ ' < (_) | |*| skquinn@speakeasy.net
|___/_|\_\__\_\ |*| Houston, TX, USA
August 27, 2005 3:30:50 PM

> A "software" or "personal" firewall...

This comparison is one of the most abused and incorrect comparisons on the
subject. Personal is an antonym to Network and software is an antonym to
hardware. You cannot and should not equate software to personal.

-Frank
August 28, 2005 8:03:02 PM

On Sat, 27 Aug 2005 11:30:50 -0600, "Frankster" <Frank@SPAM2TRASH.com> wrote:

>> A "software" or "personal" firewall...
>
>This comparison is one of the most abused and incorrect comparisons on the
>subject. Personal is an antonym to Network and software is an antonym to
>hardware. You cannot and should not equate software to personal.
>
>-Frank

OK, will you be so kind as to enlighten us?

--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.
Anonymous
August 29, 2005 3:48:55 AM

Chuck <none@example.net> wrote:
> >> A "software" or "personal" firewall...
> >This comparison is one of the most abused and incorrect comparisons on the
> >subject. Personal is an antonym to Network and software is an antonym to
> >hardware. You cannot and should not equate software to personal.
> OK, will you be so kind as to enlighten us?

Think about a software firewall like Checkpoint FW1. This is not a
"Personal Firewall", of course.

"Personal Firewalls" and software firewalls usually are not the same.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
August 29, 2005 3:53:58 AM

"Leythos" <void@nowhere.lan> wrote in message
news:MPG.1d7781f7b28405e9989d0c@news-server.columbus.rr.com...
In article <xjiPe.32351$d5.187191@newsb.telia.net>, ralphot@telia.com
says...
> Volker Birk wrote:
> > Ralph Höglund <ralphot@telia.com> wrote:
> >
> >>What is the difference between a "hardware firewall" and
> >>a "software firewall"?
> >
> >
> > The latter is sold without the hardware, where it's running.
> >
> > Yours,
> > VB.
> So, a router with firewall incorporated is a "Hardware firewall" then, or?
> There is really not any particular difference after all?

A Firewall that acts as a router is not the same as a router with
firewall features - notice the difference?

Both are appliances, so both are hardware devices. Generally anything
that is a dedicated appliance, used for nothing else, is considered a
"Hardware Firewall". Generally that excludes a PC running an application
that is also used to run anything other than that application.

> I mean if you buy a firewall box, the firewall is after all software.

Not quite the same, it's firmware. Firmware is software, but it's not
anything like running an application on a non-dedicated box.

> So you mean that it is merely a definition of how it is packaged,
> not how good it is to protect.

Actually, both - a firewall appliance is a device specifically
set up/coded to do ONE thing and it does it very well. It's specifically
tested to do that one thing and often certified as being able to do that
one thing under all sorts of conditions. As an example, a firewall
running a BSD solution does not run ALL of the BSD solution, only the
parts necessary to act as the firewall and run the firmware coded by the
vendor.

Firewalls (appliances) are also built with less code than a Computer
running an OS and then running a firewall Application. So you have less
chance for error, less chance for exploits, less chance for something to
"slip by" the designers.

> Why I am asking is that many people talk about "hardware firewall"
> as a better solution than the software alternative.

Now you know, and it's 100% true.

> In my opinion it must depend on how the software is configured,
> good filtering with stealthed ports and other security functions and so
> on.

Nope, hope you understand now why an application running on a PC is not
as secure as an Appliance, and why none of us trust a Firewall
application running on a Non-Dedicated computer.

How secure a software firewall is will depend on
what it can do. With my software firewall solution,
it is quite flexible, as to be able to block by application
running on the NAT box. It depends on what it can do,
and how well the administrator knows how to run it.
Anonymous
August 29, 2005 2:11:27 PM

In article <cbWdncWtF85ILY_eRVn-rg@comcast.com>, charlesnewman1
@comcast.nospam.net says...
>
> "Leythos" <void@nowhere.lan> wrote in message
> news:MPG.1d7781f7b28405e9989d0c@news-server.columbus.rr.com...
> In article <xjiPe.32351$d5.187191@newsb.telia.net>, ralphot@telia.com
> says...
> > Volker Birk wrote:
> > > Ralph Höglund <ralphot@telia.com> wrote:
> > >
> > >>What is the difference between a "hardware firewall" and
> > >>a "software firewall"?
> > >
> > >
> > > The latter is sold without the hardware, where it's running.
> > >
> > > Yours,
> > > VB.
> > So, a router with firewall incorporated is a "Hardware firewall" then, or?
> > There is really not any particular difference after all?
>
> A Firewall that acts as a router is not the same as a router with
> firewall features - notice the difference?
>
> Both are appliances, so both are hardware devices. Generally anything
> that is a dedicated appliance, used for nothing else, is considered a
> "Hardware Firewall". Generally that excludes a PC running an application
> that is also used to run anything other than that application.
>
> > I mean if you buy a firewall box, the firewall is after all software.
>
> Not quite the same, it's firmware. Firmware is software, but it's not
> anything like running an application on a non-dedicated box.
>
> > So you mean that it is merely a definition of how it is packaged,
> > not how good it is to protect.
>
> Actually, both - a firewall appliance is a device specifically
> set up/coded to do ONE thing and it does it very well. It's specifically
> tested to do that one thing and often certified as being able to do that
> one thing under all sorts of conditions. As an example, a firewall
> running a BSD solution does not run ALL of the BSD solution, only the
> parts necessary to act as the firewall and run the firmware coded by the
> vendor.
>
> Firewalls (appliances) are also built with less code than a Computer
> running an OS and then running a firewall Application. So you have less
> chance for error, less chance for exploits, less chance for something to
> "slip by" the designers.
>
> > Why I am asking is that many people talk about "hardware firewall"
> > as a better solution than the software alternative.
>
> Now you know, and it's 100% true.
>
> > In my opinion it must depend on how the software is configured,
> > good filtering with stealthed ports and other security functions and so
> > on.
>
> Nope, hope you understand now why an application running on a PC is not
> as secure as an Appliance, and why none of us trust a Firewall
> application running on a Non-Dedicated computer.
>
> How secure a software firewall is will depend on
> what it can do. With my software firewall solution,
> it is quite flexible, as to be able to block by application
> running on the NAT box. It depends on what it can do,
> and how well the administrator knows how to run it.

Charles - you could use a Usenet reader that properly quotes; based on
your post it appears that I'm the one that said the > > items, and I'm
not.

--

spam999free@rrohio.com
remove 999 in order to email me