Lonkero, Arend, I think that you are both essentially agreeing on the same thing, you are just using different terminology. A better way to explain it would be this:
A hardware firewall is just a piece of equipment that has the sole (not soul, Arend) task of performing firewall duties and no other functions such as browsing the internet, checking your email etc. All devices contain a CPU, hard drive etc.; the difference is the use the equipment is put to, rather than what is inside the box! Hence a software firewall would be like Windows 7 firewall, where the computer does perform firewall functions in addition to many other things like Internet browsing, checking your email, arguing with people on kixtart ha ha!
The difference between a hardware firewall such as the infamous Cisco Box that Doc owns and the type of firewall that I am going to build - i.e. a Slackware box that will provide the firewall functions that I want - would be two things: customisability and power of the computer.
The problem with the Cisco is that because it's contained within a small enclosure, it must obey the laws of physics and be built to reduce heat output, so as such it will have a slower CPU and slower hard drive, so in practice it cannot be as fast as a normal sized computer box, which could have a more powerful CPU and faster hard drives etc., because the enclosure has capacity to cool the computer down.
The second issue with the Cisco box is you are limited to customising whatever that small OS is capable of doing. So if the Cisco box doesn't support the feature, you're screwed.
These two advantages are why I would go with my Slackware Box which is a server based Linux distro.
Arend and Lonkero, I think that you are both in agreement in that when Lonkero is talking about a full OS, I think he means something like Slackware or your Suse box, not a Windows 2008 server which installs loads of things that you don't need for the firewall. Slackware is so customisable with the installation that you can virtually install just a command shell, with a very small GUI to do whatever it is you need to set up your firewall. I don't think that anyone is implying that it's desirable to set up Windows 7 with a firewall program and call that a hardware firewall! Because Arend is right, the more programs that get installed onto the OS and the bigger the OS, the more security holes there would be.
A good way to settle this issue, is to find some website or program that you can use to test your firewall and AV and content filtering and see how well it passes the test.