In general, firewalls can offer data privacy, integrity,
and availability.
A firewall is often seen as the first step toward a network security solution. Network security needs to be
architected as a foundation for success, and firewalls are an integral part of this architecture.
Firewall deployment requires charting network boundaries between security domains. A network security
domain is a contiguous zone of a network that operates under a uniform security policy. A policy enforcement
mechanism is required where these domains interconnect. This is where firewall technology comes into play.
Firewalls ensure protection by acting as the first line of network defense.
Hardware Versus Software Firewalls
The primary differentiator between a hardware-based and a software-based firewall is the underlying dependency on
the operating system it runs on. Both can prove equally secure if the network design and configuration are
impeccable. As seen in the previous chapter, the software-based Cisco IOS Firewall technology is functionality
integrated into the Cisco IOS Software, thereby providing a stateful inspection firewall engine with
application-level intelligence. There are a couple of reasons why hardware firewalls are better than software
firewalls: hardware firewalls are robust and built specifically for the purpose of "firewalling," and they are less
vulnerable than software firewalls.