Agreed, hk-. Any firewall, hardware or software, is as strong or vulnerable as the ruleset it consists of. If they're both set with identical rules, there really isn't a major advantage of one versus the other. The only difference is that with "hardware firewalls" you can use that machine as a NAT box as well, and therefore protect a larger number of machines with a single ruleset, instead of having individually configured software packages on each machine.
The key is being thorough when establishing what you absolutely have to let through the firewall (inbound and outbound), not what type of firewall you have.
__________________
Eat antimatter, Posleen-boy!
|