[BUGA] layer2 hardware firewall device [recommendations please]
Daniel O'Connor
doconnor at gsoft.com.au
Wed Jul 20 12:01:19 CST 2005
On Tuesday 19 July 2005 16:41, Wilkinson, Alex wrote:
> ok, I'll clarify what I am talking about. The type of firewall that I
> am talking about is known as a "bridging firewall" or a "transparent
> firewall" i.e. a firewall that merely moves frames after inspecting
> them between interfaces.
OK.
> Both of your aforementioned solutions would not get accredited by DSA
> (Defence Security Authority). The *only* solution that will get
> accredited by DSA is a *hardware firewall*. And at any time whatsoever we
> cannot have a DoD device (aka restricted device) connected to a
> non-restricted network (e.g. ISP). Therefore in light of this we *have*
> to have a device (filter) that will sit between a DoD device and an
> un-restricted network. If we use the firewall built into the
> DSL-router then we have just connected our restricted device to an
> unrestricted network.
I believe the term "hardware firewall" is almost totally without meaning.
*Every* firewall device I know about, be it a consumer wireless router, a Cisco
million dollar magic box or a PC running FreeBSD, has an operating system and
all of the logic is controlled by software.
It might be called firmware but that just means it's software loaded from
flash.
> Unfortunately it is all about accreditation from DSA.
Right, well, now you actually have specified a proper requirement. Can you ask
the DSA exactly what they mean by a "hardware firewall"? Or better yet, a
list of devices that have DSA accreditation?
> Such a device we had in mind is the NetScreen-5 Series
> [http://www.juniper.net/products/integrated/], but this product needs
> AC power. We want a device that is powered off a USB or firewire bus.
I note the NetScreen HSC uses 12W at 12V so you could probably power it off
firewire, or you could get a blanking plate for a PC with a molex connector
from the power supply to power it with (and a bit of wiring).
--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
-- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C