Re: [Full-Disclosure] Why should one buy (or not) an Appliance-based security gateway?

[Paul Schmehl <pauls@xxxxxxxxxxxx>]

--On Friday, July 30, 2004 02:55:04 PM -0300 Bernardo Santos Wernesback 
<bernardo@xxxxxxxxxx> wrote:
> A few colleagues and I started a discussion as to why one should or
> shouldn't buy an appliance-based firewall, ids/ips or other security
> appliance instead of installing software on a server.
>
> We thought about patching, performance, and other reason for each option
> but I'd like to hear what other people think.
>
> I would really appreciate if you could share your thoughts with me.
1) Most appliance-based devices do not allow access to the operating system 
from the application.  In fact, they don't even allow access to the 
application, except for its configuration.

2) Most appliance-based devices have a kernel and OS that is specifically 
built (or the latest buzz word "purpose-built") for the service they 
provide, making them capable of running on lower speed processors and lower 
memory footprints than a general purpose OS (or conversely, capable of 
doing a great deal more with the same CPU speed and memory footprint.)

Those are the two main benefits that I hear most often touted.  I haven't 
done any research into those claims.  Perhaps someone else has?

Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html