This article is not meant as a tutorial on the workings or implementations of these devices, but is meant solely as a synopsis on the strengths and weaknesses of each, which I hope will help the reader gain a better understanding to make a well-informed decision when purchasing the hardware discussed. The devices I will talk about in this document are hardware level firewalls, routers, smart cards, and biometrics systems.
Over the years, hardware level firewalls have taken on a variety of forms. They may come as a DMZ, which is a computer setup the acts as a "sacrificial lamb" by sitting between the computer it is protecting and the Internet, thus if the DMZ computer system is compromised, the computer it is designed to protect is still safe. Another form in which a firewall may come is as a certain server on a business network which intercepts all calls for access on that server rather than allowing a remote user into the internal network. Finally, a hardware firewall may be a box that sits between your computer and the Internet and inspects the packets going in and out. There are several advantages and disadvantages that a hardware firewall has over a software one and we will discuss the positive and negative aspects of both.
First of all, we'll start with a critical overview of advantages and disadvantages software firewalls.
Advantages:
- Software firewalls are normally inexpensive, thus making them attractive for home users
- They are also easy to set up and can be set to run without interrupting the user
Now, some disadvantages:
- They tend to hog a lot of processing power and disk space
- If you install one and then update your OS, you must update the firewall as well
- They can cause problems to arise in conflict with the OS
- You must purchase a licensed copy for each computer you want to secure
Now, we will take a look at the good, the bad, and the ugly when it comes to hardware firewalls:
Advantages:
- They can provide much more complete security than a software firewall
- They can be used to protect several systems at a time
- They are independent of the OS, thus incompatibility is not an issue
- They do not hog resources such as CPU power since they are separate from your system
And the disadvantages:
- Hardware firewalls tend to be quite expensive
- They are also somewhat difficult to set up
An ideal configuration would be to set up a hardware-level firewall between your computer and the net, and then install a software firewall on your box to provide an extra layer of security. Not only does this provide a chain of armour around your computer, but for users on Broad Band who are always connected to the net and have the same IP, this set up is crucial to maintain security.
Some well-know hardware firewall manufacturers include:
LinkSYS http://www.linksys.com/
Check Point http://www.checkpoint.com/
SonicWall http://www.sonicwall.com/
Routers are devices that are used in a networking environment to share Internet connections and provide LAN connections, etc. All traffic going into and coming out of the network must first pass through the router. Routers provide a layer of security, as malicious packets are usually found and dropped before reaching the internal network. A good way to secure a network would be for each machine to have a firewall and IDS, such as ZoneAlarm and Black ICE and then to put the entire network behind a router. An added bonus is that routers will drop fragmented packets before they reach your computer, preventing DoS and Teardrop attacks. Some advantages of having a router follow:
- They are easy to install
- They act as a router and modem in one
- They are friendly to a network environment
- They use Nat firewall
- They can share an internet connection using a hub or switch
I have personally never found any disadvantages to using a router. If anyone finds any please let me know.
Here are some well-known router manufacturers:
LinkSYS http://www.linksys.com/
Cisco Systems http://www.cisco.com/
Now, we will go to those cute little devices we all know and love: smart cards!
Smart cards are small, credit-card like devices which have an embedded 8-bit microprocessor and a plethora of uses.
The main application for the smart card that we will be discussing here is its use in encryption and authentication. Smart cards
are used to generate and store digital certificates for use in the Public Key Infrastructure (PKI) and to support SSL when using the web. Although the technology has not really taken off yet in the US, Europe is all over the little guys. Some of the advantages and disadvantages follow:
Advantages:
- They offer increased security compared to software tokens
- They allow for potential user mobility
- They allow sequential access to a single machine by multiple users
Disadvantages:
- They can be expensive
- All machines must have the same type of reader attached or have the same standard interface
Some well-known manufacturers of smart cards include:
Gemplus http://www.gemplus.com/
Axalto http://www.axalto.com/
That concludes the section on smart cards. Finally, we will move on to biometric systems.
Biometric security systems are hardware devices that authenticate an individual for access by taking certain physical characteristics, such as fingerprints, retinal patterns, voice samples, etc., and comparing them against a database of authorized entries. For obvious reasons, such equipment is really not needed, (and probably way to expensive) for anything but the biggest corporate enterprises or for use in government facilities. We will still discuss them, however, as they represent an important area in hardware level security devices and it would be unfair to overlook them. Besides, in light of the events happening around the world since the 9/11 terrorist attacks, these devices are becoming a more and more integral part of our society, and it is best to know as much about them as possible.
As previously stated, biometrics systems compare certain physical features of a person and then checks the information against a database to insure that the person is who they say they are. Because of its nature, this method of operation is almost impossible to thwart (though I wouldn't bet my life on it). Also, it is important while they are still too expensive for "normal" users, in terms of government spending, they are relatively cheap, making them readily available to government agencies around the country and the world. Some of its advantages and disadvantages follow:
Advantages:
- Extremely difficult to hack
- Thorough enough to be accepted as a government standard
- Years of R&D (Research and Development) have led to better technology in the field
Some disadvantages include:
- Too expensive (or maybe impractical) for home or small business use
- Takes quite a bit of physical space and power
- Professionals must be hired for installation and maintenance
Some manufacturers of biometrics systems include:
Unlimited Vision http://www.unlimitedvision.org/
Biometix http://www.biometix.com/
BioEnable http://www.bioenabletech.com/
Author: NeoRagex
This article was originally published by CyberArmy.net in the CyberArmy Library.
|
|