On Mon, 18 Mar 2002, Patrick Beart wrote:

> At 1:25 AM -0500 3/17/02, Anthony E. Greene wrote:
> >
> >On Sat, 16 Mar 2002, Patrick Beart wrote:
> >
> >> I'm new to the whole "security" thing, but I've learned that
> >>a hardware appliance is better than software, if only for the fact that
> >>someone is technically already IN the machine when they hit the firewall
> >>software. With a hardware appliance there's a physical barrier ahead of
> >>your machines.
> >>
> >
> >I hope it wouldn't hurt your feelings to know that a lot of these hardware
> >devices are BSD boxes with a stripped-down OS.
>
> Apparently, my point was missed entirely, here.
>
> Having a PHYSICAL device sitting AHEAD of your server(s) is,
> IMO, far superior to having the "software" sitting in that same
> server box(-es). I really don't care what particular OS or coding is
> used for the Firewall HARDWARE appliance. I only care that it's
> running IPSec and isn't running on my server(s).
> I want the big electronic "bouncer" sitting OUTSIDE my
> virtual house, not in the foyer.

You've apparently missed the point that you could just as easily take an old PC, install Linux with IPTables and just use it as a firewall, outside of your servers, themselves. I'm doing this, here...I have a Pentium 200 dedicated to nothing but iptables firewalling, and then I also have some additional iptables firewalling on the server, itself. A little double whammy for the bad guys.