Is a hardware firewall really a software firewall anyway?


I love how people always say that a software firewall like IPCop is a “lesser” product than a hardware system. I ran into one site speaking of Netsentron as a hardware solution. I’d also include Endian Firewall and Untangle when we talk about a “Linux based hardware firewall”. Well, here’s my thought. These systems offer a hardware solution, but aren’t these products really the same thing as the downloaded software version they provide? And if so, these products are really only a “hardware/software bundle”, right? (I think they actually advertise them this way anyway, but my gripe is with all those techs out there under the notion that these are real hardware based products.)

I can’t comment on any Cisco or Sonicwall hardware firewalls, because I have not used any of them. But are these also just software running on hardware? And the main thing I’ve heard from security people about the lesser quality software products is that they are not good at defending against DOS attacks. Is this really true? Even if so, in the last 10 years I’ve run some sort of Linux based firewall, whether home-brewed or special firewall distribution, I’ve not once had a break in. I’ve not once had a DOS attack. (THIS IS NOT AN INVITATION!)

Now, I have had a DOS attack directly on an Exchange or IIS server that was port forwarded directly to the Internet. Not pretty! Which is a big reason why I don’t run these systems directly anymore. But this is off topic. (Maybe another blog coming!)

I’ll do some of my own research, but maybe someone out there can shed some light on the deficiencies of a Linux firewall, in particular IPCop or Smoothwall. For my use, IPCop with a few addons makes for a fantastic filtering firewall, provided we pick good hardware to run it, and configure it properly. Is Sonicwall truly better at providing security?

Ah, just thinking out loud again. I am sure someone out there will give me hell for saying things like this. I am not a security expert, not even close. But sometimes I just wonder about things.

EDIT 03/08/2010 ::

Since I wrote this article, I’ve switched to pfSense as my firewall of choice. It does way more and better than I could do with IPCop. (Still like IPCop though!) pfSense is a FreeBSD based solution. It can handle multiple WAN connections, can add several interfaces all with IP aliases, and has all the “lock down” rules in place from the start. Not to mention, there are plugins that make tracking down traffic issues much easier. I LOVE IT!

The only gripe I might have is in the complexity of the traffic shaper, although I could actually use it, as opposed to trying to figure out the Linux way (which I never did figure out).

Having said all that, my original point of the post is still standing. Who cares if you have a Sonicwall or PIX? Are they truly more secure? Are they not also just software running on hardware, making them really just “embedded apps” of a sort? I think pfSense can run embedded, right? (Which really just translates to, “I can run this on a flash media drive and on a tiny little computer.”) So yes, I still need to research this on my own, but I really don’t get what is better about those expensive solutions. I’d rather have pfSense, or similar, on generic hardware that can be swapped and troubleshot more easily. Just my opinion.