Firewall Wizards: RE: Random Questions

["Andrew J. Luca" <andrewluca () mediaone net>]

        I don't think that it is a question of which would be "more secure" rather
it is a question of "what functionality are you looking for?"

        A true switch is a bridge and thus only provides MAC layer filtering for an
ethernet connection.  Although you can do cool offsets and stuff to filter
IP packets it's a huge pain (been there, done that).  If you are looking to
be able to easily filter packets through ACLs which are easy to configure
(relative to a switch) and are built for this purpose choose a router.

        Now that I have said that, I do understand that there are switches on the
market which have the capability to provide Layer-3 filtering (e.g. packet
filtering like a router).  However, this is still a router in that case.
They have just made the offset stuff transparent to the user.

        Given the fact that you can get a low end Cisco router with 2E at a pretty
cheap price, buy the router.  The only thing that you would get from a
switch is the ability to do port mirroring.  This can come in handy but you
generally are talking about a pretty expensive box and if you are planning
on using anything more than a couple of T-1's, the switch is going to be the
bottleneck while mirroring.

DrewL

> -----Original Message-----
> From: owner-firewall-wizards () nfr net
> [mailto:owner-firewall-wizards () nfr net]On Behalf Of Rex Murphy
> Sent: Friday, May 14, 1999 7:04 PM
> To: firewall-wizards () nfr net
> Subject: Random Questions
>
>
>  What is more secure, a switch or a router?
>
> If I had a network and was running firewall-1 what would be more secure
> a switch or a router in between the internet and the firewall?