On 1/12/06, Per Jessen
Kai Ponte wrote:
First, I would disagree with using ZA as a software firewall. Actually, from all I've read/seen, a good hardware firewall is all you should need. (Provided it is configured correctly.)
Kai, a hardware firewall is nothing but a blackbox running a software firewall.
Partially true, but most poeple (just as I do) understand the term
"hardware firewall" as an advanced piece of hardware,
application-level firewall and not just a simple port filter, which is
what effectively every "software firewall" is doing. A port filter
does not protect you from spyware or other malicious codes (a fact not
known to the average user who is quite confused when getting hit by
worms even while actively running a so called "firewall"). An
application-level firewall is capable of detecting known malicious
code signatures that are carried as payloads in application level
protocols, such as HTTP or FTP. The techniques involved in analyzing
network packets (at real-time) are highly processing intensive, thus
requiring highly specialized hardware to cope with transmission speeds
used today in the Internet and local networks. From this point of
view a hardware firewall is _not_ just a blackbox running a software
firewall.
Wow, this is even more OT. Just my 2 cents.
\Steve
--
Steve Graegert