Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Why should one buy (or not) an Appliance-based security gateway?
From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 30 Jul 2004 13:34:02 -0500

--On Friday, July 30, 2004 02:55:04 PM -0300 Bernardo Santos Wernesback <bernardo () ish com br> wrote:

A few colleagues and I started a discussion as to why one should or
shouldn't buy an appliance-based firewall, ids/ips or other security
appliance instead of installing software on a server.

We thought about patching, performance, and other reason for each option
but I'd like to hear what other people think.

I would really appreciate if you could share your thoughts with me.

1) Most appliance-based devices do not allow access to the operating system from the application. In fact, they don't even allow access to the application, except for its configuration.

2) Most appliance-based devices have a kernel and OS that is specifically built (or the latest buzz word "purpose-built") for the service they provide, making them capable of running on lower speed processors and lower memory footprints than a general purpose OS (or conversely, capable of doing a great deal more with the same CPU speed and memory footprint.)

Those are the two main benefits that I hear most often touted. I haven't done any research into those claims. Perhaps someone else has?

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]