Is a hardware firewall really a software firewall anyway?

I love how people always say that a software firewall like IPCop is a “lesser” product than a hardware system. I ran into one site speaking of Netsentron as a hardware solution. I’d also include Endian Firewall and Untangle when we talk about a “Linux-based hardware firewall”. Well, here’s my thought. These systems offer a hardware solution, but aren’t these products really the same thing as the downloaded software version they provide? And if so, these products are really only a “hardware/software bundle”, right? (I think they actually advertise them this way anyway, but my gripe is with all those techs out there under the notion that these are real hardware-based products.)

I can’t comment on any Cisco or Sonicwall hardware firewalls, because I have not used any of them. But are these also just software running on hardware? And the main thing I’ve heard from security people about the lesser quality software products is that they are not good at defending against DoS attacks. Is this really true? Even if so, in the last 10 years I’ve run some sort of Linux-based firewall, whether home-brewed or a special firewall distribution, and I’ve not once had a break-in. I’ve not once had a DoS attack. (THIS IS NOT AN INVITATION!)

Now, I have had a DoS attack directly on an Exchange or IIS server that was port forwarded directly to the Internet. Not pretty! Which is a big reason why I don’t run these systems directly anymore. But this is off topic. (Maybe another blog coming!)

I’ll do some of my own research, but maybe someone out there can shed some light on the deficiencies of a Linux firewall, in particular IPCop or Smoothwall. For my use, IPCop with a few addons makes for a fantastic filtering firewall, provided we pick good hardware to run it and configure it properly. Is Sonicwall truly better at providing security?

Ah, just thinking out loud again. I am sure someone out there will give me hell for saying things like this. I am not a security expert, not even close. But, sometimes I just wonder about things… :)

2 Responses to “Is a hardware firewall really a software firewall anyway?”


  1. Computer Articles

    Since most private companies want to minimize cost, they end up settling for software firewalls. If you have a real hardware firewall, you can have multiple internet connections aside from the usual advantages. Moreover, you can switch from one IP to another for security purposes.

    http://www.earticles.com

  2. Greg

    “settling” ?? Not sure what you mean by that. Because to me, IPCop is not settling, nor is it a “lesser” solution. That was my point in that article. Also, you say those are advantages of a real hardware firewall, but you can do those things on a basic Linux box or IPCop too. So again, what’s the *real* benefit?

    Actually, I should be clear… I don’t know if IPCop will set up two outbound Internet connections, but on Linux you could do that manually, and therefore, you can probably do that on IPCop with some effort. But, even still, why would I want to do that? I suppose in a large company maybe there are some valid solutions, but for any of my smaller sized networks, there’s no point in multi connections.
