Travis:
Since no one else mentioned us, check out:
http://www.iproute.com
A couple of benefits with DOS firewalls. These also apply to most real-time
OS's.
-Don't forget that DOS is still used by Microsoft Windows 95, they just
disguise it.
-If improperly configured, many firewalls based on other operating systems
such as UNIX or Microsoft NT can be subverted and used as a platform to attack
its own trusted network (thus the whole discussion on B2 level security).
Since these operating systems contain IP stacks independent of the Firewall
software, even if the Firewall fails, the IP packets could still get through.
-IPRoute/Secure utilizes the DOS operating system to help ensure that if the
Firewall software should fail that the firewall system cannot be used to
breach the trusted network. IPRoute/Secure is a true, transparent firewall
system. This means that there is not an independent IP stack on the system and
if the firewall software should fail, there is absolutely no way to get
through the network interfaces on the DOS system to the trusted network via
any protocol. This provides the most secure of firewall environments: a
security kernel approach where the firewall software controls all access to or
from the system to the exclusion of all other types of activities (e.g.
routing). In this manner, DOS actually complements the security of the product
environment.
-Because of low system overhead we have one of the fastest VPN IPSec
implementations around.
-It is pretty crash-proof. We just use DOS for booting and the File I/O.
Customers have stuck these Firewalls in a closet for a year without rebooting
it.
-You can run it on just about any legacy system. A 386 with 1 Meg of RAM will
easily handle a 128K ISDN connection for about 20 workstations.
-We can boot and run off of a single floppy.
-It scales well. Throw a fast Pentium at it with some RAM and you can have
multiple 100 megabit interfaces all running at full speed (limited by the Bus
of course). We use our own DOS extender and multitask code.
-Support for a large number of packet drivers (300 at last count including
Ethernet, Token Ring, FDDI, V.35, Frame Relay and ISDN).
-It is cheap.
-Hey, DOS is available just about anywhere in the world, especially Eastern
Europe.
-Like in real estate, no OS overhead, no OS overhead, no OS overhead ;-)
Just our philosophy. We don't claim to be the end-all, be-all of Firewalls. If
you want a lot of fine grained control over logs, access, protocols, proxies,
etc. then you will probably go with UNIX or NT. We also don't write the packet
drivers. You are at the mercy of your NIC vendor for those.
BTW, if you haven't figured it out ;-) I do work for 'em.
Mike
--
03:40:39
08/01/97
_______________________________________________________________________
Michael W. Chalkley Tel: +1.770.772.4567
ZapNet! Inc. Fax: +1.770.475.7640
Suite 400-120 E-mail: mikech @ iproute . com
10945 State Bridge Road mikech @ avana . net
Alpharetta, GA 30202 http://www.iproute.com