Hardware Firewall??

Archived from groups: comp.security.firewalls

What is the difference between a "hardware firewall" and
a "software firewall"?

If there is a difference why does everybody say that the hardware
one is better?

In my opinion the hardware firewall is the shield/wall between the engine
compartment and the driver/passenger seats in a car!

I can not see that hardware can protect against attacks from Internet.

Is a firewall built into a router a hardware or software firewall?

I have a Freesco router and software firewall running in hardware!

Ralph in Sweden
  1.

    > What is the difference between a "hardware firewall" and
    > a "software firewall"?

    "Hardware Firewall" is a misnomer. Some top of the line so-called hardware
    firewalls have spinning disks.

    Most folks in this newsgroup seem to equate hardware firewall with "real"
    firewall. Not true. Or sometimes hardware firewall is associated with any
    hardware NAT router solution. Not true. Lots more to it.

    -Frank
  2.

    Ralph Höglund <ralphot@telia.com> wrote:
    > What is the difference between a "hardware firewall" and
    > a "software firewall"?

    The latter is sold without the hardware, where it's running.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  3.

    Volker Birk wrote:
    > Ralph Höglund <ralphot@telia.com> wrote:
    >
    >>What is the difference between a "hardware firewall" and
    >>a "software firewall"?
    >
    >
    > The latter is sold without the hardware, where it's running.
    >
    > Yours,
    > VB.
    So, a router with firewall incorporated is a "Hardware firewall" then, or?
    There is really not any particular difference after all?

    I mean if you buy a firewall box, the firewall is after all software.

    So you mean that it is merely a definition of how it is packaged,
    not how good it is to protect.

    Why I am asking is that many people talk about "hardware firewall"
    as a better solution than the software alternative.

    In my opinion it must depend on how the software is configured,
    good filtering with stealthed ports and other security functions and so on.

    Yours also,
    Ralph
  4.

    In article <xjiPe.32351$d5.187191@newsb.telia.net>, ralphot@telia.com
    says...
    > Volker Birk wrote:
    > > Ralph Höglund <ralphot@telia.com> wrote:
    > >
    > >>What is the difference between a "hardware firewall" and
    > >>a "software firewall"?
    > >
    > >
    > > The latter is sold without the hardware, where it's running.
    > >
    > > Yours,
    > > VB.
    > So, a router with firewall incorporated is a "Hardware firewall" then, or?
    > There is really not any particular difference after all?

    A Firewall that acts as a router is not the same as a router with
    firewall features - notice the difference?

    Both are appliances, so both are hardware devices. Generally anything
    that is a dedicated appliance, used for nothing else, is considered a
    "Hardware Firewall". Generally that excludes a PC running an application
    that is also used to run anything other than that application.

    > I mean if you buy a firewall box, the firewall is after all software.

    Not quite the same, it's firmware. Firmware is software, but it's not
    anything like running an application on a non-dedicated box.

    > So you mean that it is merely a definition of how it is packaged,
    > not how good it is to protect.

    Actually, both - a firewall appliance is a device specifically
    setup/coded to do ONE thing and it does it very-well. It's specifically
    tested to do that one thing and often certified as being able to do that
    one thing under all sorts of conditions. As an example, a firewall
    running a BSD solution does not run ALL of the BSD solution, only the
    parts necessary to act as the firewall and run the firmware coded by the
    vendor.

    Firewalls (appliances) are also built with less code than a Computer
    running an OS and then running a firewall Application. So you have less
    chance for error, less chance for exploits, less chance for something to
    "slip by" the designers.

    > Why I am asking is that many people talk about "hardware firewall"
    > as a better solution than the software alternative.

    Now you know, and it's 100% true.

    > In my opinion it must depend on how the software is configured,
    > good filtering with stealthed ports and other security functions and so on.

    Nope, hope you understand now why an application running on a PC is not
    as secure as an Appliance, and why none of us trust a Firewall
    application running on a Non-Dedicated computer.


    --

    spam999free@rrohio.com
    remove 999 in order to email me
  5.

    Ralph Höglund <ralphot@telia.com> wrote in
    news:xjiPe.32351$d5.187191@newsb.telia.net:

    > Volker Birk wrote:
    >> Ralph Höglund <ralphot@telia.com> wrote:
    >>
    >>>What is the difference between a "hardware firewall" and
    >>>a "software firewall"?
    >>
    >>
    >> The latter is sold without the hardware, where it's running.
    >>
    >> Yours,
    >> VB.

    > So, a router with firewall incorporated is a "Hardware firewall" then,
    > or? There is really not any particular difference after all?

    Yeah there is a difference such as a packet filtering FW router, a router
    using NAT solely as a means of protection and nothing else FW like, and
    then there are FW appliances.

    >
    > I mean if you buy a firewall box, the firewall is after all software.

    Yes this is true. However, a router running a packet filtering FW or a FW
    appliance is a standalone device. A host based FW runs on a computer and
    needs the computer's O/S to function and is only as secure as the O/S is
    made to be secure and runs the risk of being attacked and compromised
    just like the O/S can be attacked and compromised.

    >
    > So you mean that it is merely a definition of how it is packaged,
    > not how good it is to protect.

    You have routers that have FW like abilities but are not running FW
    software, packet filtering FW routers, FW appliances, network host based
    FW(s) that use two interfaces an Internet facing interface/NIC and
    private side network interface/NIC, and then you have the so called
    personal FW host based solutions that need an O/S to function that is not
    a FW since it's not separating two networks and is machine level
    protection that protects the O/S, its services, and Internet applications
    that are running on the machine for a computer that has a direct
    connection to the Internet.

    >
    > Why I am asking is that many people talk about "hardware firewall"
    > as a better solution than the software alternative.

    That depends on the type of FW solution you're talking about. A gateway
    computer running a host based network FW and the O/S is secure is just as
    good in the protection as a packet filtering FW router or FW appliance.
    You're talking about a router that's running NAT only as a limited means
    of protection or a PFW solution; they seem to be suspect or questionable
    as to how well they protect, IMHO.

    >
    > In my opinion it must depend on how the software is configured,
    > good filtering with stealthed ports and other security functions and
    > so on.

    Yes, it depends on how well the FW software is configured and for a host
    based network FW, it also depends upon how secure is the O/S that it's
    running with at the same time along with how well the software is
    configured. Plug and go solutions such as packet filtering FW routers or
    FW appliances are for the most part preconfigured devices that need very
    little setup and have the means to set more complex filtering rules if
    need be. A router running solely NAT really has no configuration
    abilities to speak of but some have FW like features that can be
    configured.

    The links may help you in understanding FW(s) and FW solutions.

    http://www.vicomsoft.com/knowledge/reference/firewalls1.html
    http://www.more.net/technical/netserv/tcpip/firewalls/

    Duane :)
  6.

    In article <CKWdna9HhJ0UT5DeRVn-uw@giganews.com>, Frank@SPAM2TRASH.com
    says...
    > > What is the difference between a "hardware firewall" and
    > > a "software firewall"?
    >
    > "Hardware Firewall" is a misnomer. Some top of the line so-called hardware
    > firewalls have spinning disks.
    >
    > Most folks in this newsgroup seem to equate hardware firewall with "real"
    > firewall. Not true. Or sometimes hardware firewall is associated with any
    > hardware NAT router solution. Not true. Lots more to it.

    I like to think "Appliance" and not Hardware, as an Appliance is
    different than a PC (even a dedicated one) running an OS/Application.
    Appliances are not able to be used as PC's, they are dedicated devices
    with one purpose.

    As for Firewall, there are many types of Firewall Solutions, some based
    on appliances, some based on PC/Servers with a custom OS or a hardened
    OS, and then the Firewall Software and at least two network cards...

    NAT Routers, those cheap things you get at BestBuy, are never considered
    as Firewalls in my mind/solutions - but they do offer a minimum level of
    protection that all home users should have.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  7.

    On Thu, 25 Aug 2005 07:50:25 GMT, Ralph Höglund <ralphot@telia.com> wrote:

    >What is the difference between a "hardware firewall" and
    >a "software firewall"?
    >
    >If there is a difference why does everybody say that the hardware
    >one is better?
    >
    >In my opinion the hardware firewall is the shield/wall between the engine
    >compartment and the driver/passenger seats in a car!
    >
    >I can not see that hardware can protect against attacks from Internet.
    >
    >Is a firewall built into a router a hardware or software firewall?
    >
    >I have a Freesco router and software firewall running in hardware!
    >
    >Ralph in Sweden

    Ralph,

    A "software" or "personal" firewall runs on the computer that it's protecting,
    and protects only that computer. A "hardware" firewall runs on a separate piece
    of equipment, and provides perimeter protection, to a group of computers.

    Both hardware and software firewalls require an operating system. The hardware
    firewall contains a stripped down operating system, that provides only the
    ability to examine, and to move, packets between the interfaces (WAN and LAN),
    and maybe a small web server that allows you to make configuration changes.

    The software firewall uses an operating system that lets you use your computer
    for non-firewall purposes, and make changes to reflect how you want to use your
    computer.

    There are advantages and disadvantages to both. Saying that one is better than
    the other is like saying Coke is better than Pepsi, or Chevrolet better than
    Ford.

    Hardware Firewall.
    # Advantages: Smaller and more efficient. Contains less code to exploit.
    Contains minimal code that can be exploited by the user. Filters malicious
    incoming traffic before it hits the protected computers. Has a dedicated
    processor, and dedicated storage, which when in use does not impact use of
    protected computers.
    # Disadvantages: Has no knowledge of programs running on the protected
    computers, so can't effectively filter outgoing traffic. The dedicated
    processor, and dedicated storage, is finite in capacity, so must be carefully
    chosen for the intended workload. Can be exploited by overload. Requires one
    more power connection, and one more network cable. Hardware is not easily
    upgradable, except by replacing the firewall itself.

    Software Firewall.
    # Advantages: More configurable. Since it sits on your desktop, you can make
    changes at will. Since it can hook into the operating system, it knows what
    programs are running there, and can protect accordingly. Provides individual
    protection - if one computer in the LAN gets infected with malware, all
    computers running a software firewall are protected. Is easily upgraded, by
    adding hardware to the protected computer.
    # Disadvantages: More configurable. Since it sits on your desktop, you can make
    changes at will. Uses processor power, and storage, which may compete with use
    of computer, causing tuning needs, and temptation to disable features. Can be
    exploited, thru its many features. Malicious incoming traffic is filtered only
    after it hits the computer, and the operating system.

    A Freesco firewall appears to be a personal firewall, running on a (hopefully)
    dedicated computer running Linux. Linux is an operating system, and has the
    features of an operating system. How do you use the Freesco box? Does it
    contain any applications, such as a web browser or text editor? Does it support
    a monitor and keyboard, or do you configure it thru a web browser? When you
    load Freesco, does it strip down the features, to make it more like the
    operating system in a "hardware firewall"? All of these questions determine how
    versatile it is, and how exploitable it is.

    --
    Cheers,
    Chuck
    http://nitecruzr.blogspot.com/
    Paranoia is not necessarily a bad thing - it's a normal response from experience.
  8.

    Ralph Höglund <ralphot@telia.com> wrote:
    > So, a router with firewall incorporated is a "Hardware firewall" then, or?

    Not every firewall implementation is routing. Look at the PIX, for example.

    > There is really not any particular difference after all?

    A firewall is the concept to have security zones for your network, and
    to have a box in between two zones, which is restricting communication
    between zones according to your policy.

    Software to implement that, especially filtering software, often is
    called "firewall" also.

    Ready made computers with software "out of the box" to implement this,
    are also called "firewalls". This is what is called a "hardware firewall",
    it's a product type you can buy.

    > So you mean that it is merely a definition of how it is packaged,
    > not how good it is to protect.

    Yes.

    > Why I am asking is that many people talk about "hardware firewall"
    > as a better solution than the software alternative.

    Of course, a "Personal Firewall" is no firewall at all. It's host
    based filtering, not having a firewall between the hosts in one
    network and another.

    Host based filtering sometimes is a good idea; unfortunately, the
    "Personal Firewall" providers are promising heaven and earth in their
    advertisements, but delivering questionable products.

    So if someone compares filtering routers with "Personal Firewalls"
    by calling them "hardware firewall" and "software firewall", I can
    understand why to prefer "hardware firewalls". ;-)

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  9.

    Leythos <void@nowhere.lan> wrote:
    > A Firewall that acts as a router is not the same as a router with
    > firewall features - notice the difference?

    No. Please explain.

    > > I mean if you buy a firewall box, the firewall is after all software.
    > Not quite the same, it's firmware. Firmware is software, but it's not
    > anything like running an application on a non-dedicated box.

    This is nonsense. Most people call the software "firmware", which is
    booted through ROM or FlashRAM first, when a computer starts. This can be
    any software.

    > As an example, a firewall
    > running a BSD solution does not run ALL of the BSD solution, only the
    > parts necessary to act as the firewall and run the firmware coded by the
    > vendor.

    Of course, it's a good idea, to reduce code to have security. So of
    course you're right here, hopefully with any firewall implementation
    there is as little code on that machine as possible.

    > > Why I am asking is that many people talk about "hardware firewall"
    > > as a better solution than the software alternative.
    > Now you know, and it's 100% true.

    Don't think so.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  10.

    In article <430ee886@news.uni-ulm.de>, bumens@dingens.org says...
    > Leythos <void@nowhere.lan> wrote:
    > > A Firewall that acts as a router is not the same as a router with
    > > firewall features - notice the difference?
    >
    > No. Please explain.

    It seems that any explanation I give you would be met with no
    understanding, so, you might want to re-read the post until you figure
    it out.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  11.

    Frankster <Frank@spam2trash.com> wrote:
    > Most folks in this newsgroup seem to equate hardware firewall with "real"
    > firewall. Not true. Or sometimes hardware firewall is associated with any
    > hardware NAT router solution. Not true. Lots more to it.

    Please explain.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  12.

    Volker Birk wrote:
    > Frankster <Frank@spam2trash.com> wrote:
    >
    >>Most folks in this newsgroup seem to equate hardware firewall with "real"
    >>firewall. Not true. Or sometimes hardware firewall is associated with any
    >>hardware NAT router solution. Not true. Lots more to it.
    >
    >
    > Please explain.
    >
    > Yours,
    > VB.

    I found an interesting article here:
    http://www.smallbusinesscomputing.com/webmaster/article.php/3103431

    Ronald Pacchiano means that software firewall is the firewall you have
    installed in the computer you are using, one way of describing it.

    I have therefore firewall/router in a separate Freesco-box with
    CPU, RAM, power, 1,44 Mb floppy, 2 NIC - one to modem one to switch.

    In each of my computers I have F-Secure software firewall and antivirus.
  13.

    Leythos <void@nowhere.lan> wrote:
    > I like to think "Appliance" and not Hardware, as an Appliance is
    > different than a PC (even a dedicated one) running an OS/Application.

    Many appliances are just PC hardware running an OS and some applications.
    You can buy them as a ready made box.

    > Appliances are not able to be used as PC's, they are dedicated devices
    > with one purpose.

    Oh, yes, usually it's possible, just like with the WLAN-routers and DSL-
    devices. Many of them you can use as Linux or BSD hosts also today.

    I already have tried out this.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  14.

    In article <430ee968@news.uni-ulm.de>, bumens@dingens.org says...
    > Leythos <void@nowhere.lan> wrote:
    > > I like to think "Appliance" and not Hardware, as an Appliance is
    > > different than a PC (even a dedicated one) running an OS/Application.
    >
    > Many appliances are just PC hardware running an OS and some applications.
    > You can buy them as a ready made box.

    Just because they have a motherboard and run a limited controlled
    language, that does not make them a PC hardware. There are a world of
    differences between a controller (which uses some components - like a
    CPU/Memory) and a Personal Computer motherboard. I don't expect you to
    understand this or to even want to, but you should not assume that any
    Firewall Appliance is just a Personal Computer motherboard with some
    software.


    > > Appliances are not able to be used as PC's, they are dedicated devices
    > > with one purpose.
    >
    > Oh, yes, usually it's possible, just like with the WLAN-routers and DSL-
    > devices. Many of them you can use as Linux or BSD hosts also today.
    >
    > I already have tried out this.

    And a home user setting up a Linux box is not going to be as secure as
    one purchasing a "Firewall Appliance" by default. Consider all of the
    exploits out for nix boxes before you reply.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  15.

    In article <AeDPe.32407$d5.187299@newsb.telia.net>, ralphot@telia.com
    says...
    > Volker Birk wrote:
    > > Frankster <Frank@spam2trash.com> wrote:
    > >
    > >>Most folks in this newsgroup seem to equate hardware firewall with "real"
    > >>firewall. Not true. Or sometimes hardware firewall is associated with any
    > >>hardware NAT router solution. Not true. Lots more to it.
    > >
    > >
    > > Please explain.
    > >
    > > Yours,
    > > VB.
    >
    > I found an interesting article here:
    > http://www.smallbusinesscomputing.com/webmaster/article.php/3103431
    >
    > Ronald Pacchiano means that software firewall is the firewall you have
    > installed in the computer you are using, one way of describing it.
    >
    > I have therefore firewall/router in a separate Freesco-box with
    > CPU, RAM, power, 1,44 Mb floppy, 2 NIC - one to modem one to switch.
    >
    > In each of my computers I have F-Secure software firewall and antivirus.

    That would be a Dedicated Firewall Server, which, while not the same as
    an Appliance, is many times better than something one runs on their
    personal computer that they use for daily use.

    There are dedicated servers, appliances, and personal firewall software
    solutions.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  16.

    Leythos <void@nowhere.lan> wrote:
    > In article <430ee886@news.uni-ulm.de>, bumens@dingens.org says...
    > > Leythos <void@nowhere.lan> wrote:
    > > > A Firewall that acts as a router is not the same as a router with
    > > > firewall features - notice the difference?
    > > No. Please explain.
    > It seems that any explanation I give you would be met with no
    > understanding, so, you might want to re-read the post until you figure
    > it out.

    Hm... this explanation is not very convincing. Please try again.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  17.

    Leythos <void@nowhere.lan> wrote:
    > In article <430ee968@news.uni-ulm.de>, bumens@dingens.org says...
    > > Leythos <void@nowhere.lan> wrote:
    > > > I like to think "Appliance" and not Hardware, as an Appliance is
    > > > different than a PC (even a dedicated one) running an OS/Application.
    > > Many appliances are just PC hardware running an OS and some applications.
    > > You can buy them as a ready made box.
    > Just because they have a motherboard and run a limited controlled
    > language, that does not make them a PC hardware.

    Yes, of course. Whatever you mean with a "limited controlled language".

    > There are a world of
    > differences between a controller (which uses some components - like a
    > CPU/Memory) and a Personal Computer motherboard.

    Not every product, which is called "firewall appliance", consists of
    PC hardware. Most of them (if not every) consist of computers, and many
    of them run BSD or Linux. Some of them even are built with PC hardware.
    Some others even have proprietary operating systems, like the Cisco PIX.

    > I don't expect you to
    > understand this

    You seem to be a little clouded, if I should not interpret this as
    impolite.

    > or to even want to, but you should not assume that any
    > Firewall Appliance is just a Personal Computer motherboard with some
    > software.

    I never thought that. Why should I? I did not write "any", I wrote
    "many". Yes, that's just a single letter, but an important one ;-)

    > And a home user setting up a Linux box is not going to be as secure as
    > one purchasing a "Firewall Appliance" by default.

    People, who are just buying security in boxes, whether they are doing
    this by buying a Linux distribution and putting it onto a PC, or purchasing
    a "firewall appliance" product and just plugging it in, are not very
    secure.

    > Consider all of the
    > exploits out for nix boxes before you reply.

    This has nothing to do with exploits.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  18.

    Chuck <none@example.net> wrote:
    > Both hardware and software firewalls require an operating system.

    It is a common mistake to assume, that you need an operating system for
    running software (i.e. filtering software to build a "firewall") on a
    computer.

    It's not true. Operating systems have big advantages, but sometimes it's
    a good idea not to have one. For filtering software, in common cases there
    will be an operating system.

    Sometimes filtering systems are implemented directly in hardware,
    though, i.e. through describing the tasks in VHDL, see:

    http://en.wikipedia.org/wiki/VHDL

    Then you have no software at all. This is not very common.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  19.

    On 26 Aug 2005 18:18:43 +0200, Volker Birk <*email_address_deleted*> wrote:

    >Chuck <none@example.net> wrote:
    >> Both hardware and software firewalls require an operating system.
    >
    >It is a common mistake to assume, that you need an operating system for
    >running software (i.e. filtering software to build a "firewall") on a
    >computer.
    >
    >It's not true. Operating systems have big advantages, but sometimes it's
    >a good idea not to have one. For filtering software, in common cases there
    >will be an operating system.
    >
    >Sometimes filtering systems are implemented directly in hardware,
    >though, i.e. through describing the tasks in VHDL, see:
    >
    >http://en.wikipedia.org/wiki/VHDL
    >
    >Then you have no software at all. This is not very common.
    >
    >Yours,
    >VB.

    Good points, Volker.

    But how many "hardware" firewalls use a VHDL infrastructure? Even the big CISCO
    routers have their IOS. IOS is, I suspect, somewhere between an operating
    system and VHDL. It's text based, but it has numerous utilities. And it uses
    an interface for programming.

    Where is VHDL processed? In firmware, or in the hardware itself? And if it has
    to be upgraded, how is that done? The WikipediA article just scratches the
    surface, and talks about theory.
    VHDL is in fact a fairly general-purpose programming language, provided that
    you have a simulator on which to run the code. It can read and write files
    on the host computer...

    My dissertation is just the start, and plenty more details are needed.

    --
    Cheers,
    Chuck
    http://nitecruzr.blogspot.com/
    Paranoia is not necessarily a bad thing - it's a normal response from experience.
  20.

    Chuck <none@example.net> wrote:
    > But how many "hardware" firewalls use a VHDL infrastructure?

    Most of them. But this is misleading ;-) VHDL is a language, which is
    very common in chip design, so nearly every computer contains chips
    designed in VHDL today.

    > Even the big CISCO
    > routers have their IOS. IOS is, I suspect, somewhere between an operating
    > system and VHDL.

    IOS is an operating system. Most firewalls of Cisco don't use IOS BTW -
    they use PIX OS.

    > Where is VHDL processed?

    VHDL usually is processed by design software for digital design. Then
    the result is used to "burn" FPGAs or to manufacture ASICs.

    > And if it has
    > to be upgraded, how is that done?

    You have to change the chip.

    > The WikipediA article just scratches the
    > surface, and talks about theory.

    Yes. I know it, because I supplied a chip design company with hard- and
    software some years ago. Because I'm mainly doing software development,
    it was very interesting for me to see, how hardware development is done
    there.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  21.

    begin quotation
    from Chuck <none@example.net>
    in message <cjgug1tdtiuanbrpv3gsprjqb2e7umscac@4ax.com>
    posted at 2005-08-26T16:42
    > On 26 Aug 2005 18:18:43 +0200, Volker Birk <*email_address_deleted*> wrote:
    >> Sometimes filtering systems are implemented directly in hardware,
    >> though, i.e. through describing the tasks in VHDL, see:

    >> http://en.wikipedia.org/wiki/VHDL

    >> Then you have no software at all. This is not very common.

    > Good points, Volker.

    > But how many "hardware" firewalls use a VHDL infrastructure? Even the
    > big CISCO routers have their IOS. IOS is, I suspect, somewhere between
    > an operating system and VHDL. It's text based, but it has numerous
    > utilities. And it uses an interface for programming.

    "Text based" doesn't really say much about an OS. I think even Windows
    could technically be text-based, as in you can make boot floppies which
    never boot the GUI. I know OS/2 would boot without the Presentation
    Manager (GUI), and we all know that Unix and Unix-like operating systems
    pre-date widespread use of GUIs at all.

    > Where is VHDL processed? In firmware, or in the hardware itself?

    VHDL is used to describe hardware, so it's processed as part of making
    the chips themselves.


    --
    ___ _ _____ |*|
    / __| |/ / _ \ |*| Shawn K. Quinn
    \__ \ ' < (_) | |*| skquinn@speakeasy.net
    |___/_|\_\__\_\ |*| Houston, TX, USA
  22.

    > A "software" or "personal" firewall...

    This comparison is one of the most abused and incorrect comparisons on the
    subject. Personal is an antonym to Network and software is an antonym to
    hardware. You cannot and should not equate software to personal.

    -Frank
  23.

    On Sat, 27 Aug 2005 11:30:50 -0600, "Frankster" <Frank@SPAM2TRASH.com> wrote:

    >> A "software" or "personal" firewall...
    >
    >This comparison is one of the most abused and incorrect comparisons on the
    >subject. Personal is an antonym to Network and software is an antonym to
    >hardware. You cannot and should not equate software to personal.
    >
    >-Frank

    OK, will you be so kind as to enlighten us?

    --
    Cheers,
    Chuck, MS-MVP [Windows - Networking]
    http://nitecruzr.blogspot.com/
    Paranoia is not a problem, when it's a normal response from experience.
    My email is AT DOT
    actual address pchuck mvps org.
  24.

    Chuck <none@example.net> wrote:
    > >> A "software" or "personal" firewall...
    > >This comparison is one of the most abused and incorrect comparisons on the
    > >subject. Personal is an antonym to Network and software is an antonym to
    > >hardware. You cannot and should not equate software to personal.
    > OK, will you be so kind as to enlighten us?

    Think about a software firewall like Checkpoint FW1. This is not a
    "Personal Firewall", of course.

    "Personal Firewalls" and software firewalls usually are not the same.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  25.

    "Leythos" <void@nowhere.lan> wrote in message
    news:MPG.1d7781f7b28405e9989d0c@news-server.columbus.rr.com...
    In article <xjiPe.32351$d5.187191@newsb.telia.net>, ralphot@telia.com
    says...
    > Volker Birk wrote:
    > > Ralph Höglund <ralphot@telia.com> wrote:
    > >
    > >>What is the difference between a "hardware firewall" and
    > >>a "software firewall"?
    > >
    > >
    > > The latter is sold without the hardware, where it's running.
    > >
    > > Yours,
    > > VB.
    > So, a router with firewall incorporated is a "Hardware firewall" then, or?
    > There is really not any particular difference after all?

    A Firewall that acts as a router is not the same as a router with
    firewall features - notice the difference?

    Both are appliances, so both are hardware devices. Generally anything
    that is a dedicated appliance, used for nothing else, is considered a
    "Hardware Firewall". Generally that excludes a PC running an application
    that is also used to run anything other than that application.

    > I mean if you buy a firewall box, the firewall is after all software.

    Not quite the same, it's firmware. Firmware is software, but it's not
    anything like running an application on a non-dedicated box.

    > So you mean that it is merely a definition of how it is packaged,
    > not how good it is to protect.

    Actually, both - a firewall appliance is a device specifically
    setup/coded to do ONE thing and it does it very well. It's specifically
    tested to do that one thing and often certified as being able to do that
    one thing under all sorts of conditions. As an example, a firewall
    running a BSD solution does not run ALL of the BSD solution, only the
    parts necessary to act as the firewall and run the firmware coded by the
    vendor.

    Firewalls (appliances) are also built with less code than a Computer
    running an OS and then running a firewall Application. So you have less
    chance for error, less chance for exploits, less chance for something to
    "slip by" the designers.

    > Why I am asking is that many people talk about "hardware firewall"
    > as a better solution than the software alternative.

    Now you know, and it's 100% true.

    > In my opinion it must depend on how the software is configured,
    > good filtering with stealthed ports and other security functions and so
    > on.

    Nope, hope you understand now why an application running on a PC is not
    as secure as an Appliance, and why none of us trust a Firewall
    application running on a Non-Dedicated computer.

    How secure a software firewall is will depend on
    what it can do. With my software firewall solution,
    it is quite flexible, as to be able to block by application
    running on the NAT box. It depends on what it can do,
    and how well the administrator knows how to run it.
  26.

    In article <cbWdncWtF85ILY_eRVn-rg@comcast.com>, charlesnewman1
    @comcast.nospam.net says...
    >
    > "Leythos" <void@nowhere.lan> wrote in message
    > news:MPG.1d7781f7b28405e9989d0c@news-server.columbus.rr.com...
    > In article <xjiPe.32351$d5.187191@newsb.telia.net>, ralphot@telia.com
    > says...
    > > Volker Birk wrote:
    > > > Ralph Höglund <ralphot@telia.com> wrote:
    > > >
    > > >>What is the difference between a "hardware firewall" and
    > > >>a "software firewall"?
    > > >
    > > >
    > > > The latter is sold without the hardware, where it's running.
    > > >
    > > > Yours,
    > > > VB.
    > > So, a router with firewall incorporated is a "Hardware firewall" then, or?
    > > There is really not any particular difference after all?
    >
    > A Firewall that acts as a router is not the same as a router with
    > firewall features - notice the difference?
    >
    > Both are appliances, so both are hardware devices. Generally anything
    > that is a dedicated appliance, used for nothing else, is considered a
    > "Hardware Firewall". Generally that excludes a PC running an application
    > that is also used to run anything other than that application.
    >
    > > I mean if you buy a firewall box, the firewall is after all software.
    >
    > Not quite the same, it's firmware. Firmware is software, but it's not
    > anything like running an application on a non-dedicated box.
    >
    > > So you mean that it is merely a definition of how it is packaged,
    > > not how good it is to protect.
    >
    > Actually, both - a firewall appliance is a device specifically
    > setup/coded to do ONE thing and it does it very well. It's specifically
    > tested to do that one thing and often certified as being able to do that
    > one thing under all sorts of conditions. As an example, a firewall
    > running a BSD solution does not run ALL of the BSD solution, only the
    > parts necessary to act as the firewall and run the firmware coded by the
    > vendor.
    >
    > Firewalls (appliances) are also built with less code than a Computer
    > running an OS and then running a firewall Application. So you have less
    > chance for error, less chance for exploits, less chance for something to
    > "slip by" the designers.
    >
    > > Why I am asking is that many people talk about "hardware firewall"
    > > as a better solution than the software alternative.
    >
    > Now you know, and it's 100% true.
    >
    > > In my opinion it must depend on how the software is configured,
    > > good filtering with stealthed ports and other security functions and so
    > > on.
    >
    > Nope, hope you understand now why an application running on a PC is not
    > as secure as an Appliance, and why none of us trust a Firewall
    > application running on a Non-Dedicated computer.
    >
    > How secure a software firewall is will depend on
    > what it can do. With my software firewall solution,
    > it is quite flexible, as to be able to block by application
    > running on the NAT box. It depends on what it can do,
    > and how well the administrator knows how to run it.

    Charles - you could use a Usenet reader that properly quotes, based on
    your post it appears that I'm the one that said the > > items and I'm
    not.

    --

    spam999free@rrohio.com
    remove 999 in order to email me