|>Most of the arguments against "extra features" in routers seem to be on
|>the order of "A piece of security equipment shouldn't do this." Of
|>course, security is not the only function of a router, nor, for that
|>matter, of a general purpose computer (like those frequently comprising
|>firewalls). Some routers find employment in areas almost totally
|>unrelated to security, and the extra features can be useful there. In
|>fact, concentrating some services like NTP in specialized boxes can
|>reduce the overall complexity.
|>
|>All the same, a reasonable compromise would be to deploy "basic" routers
|>at the perimeter of a network, and other machines internally where extra
|>functionality is useful. Given the large number of routers "out there,"
|>it shouldn't be hard to find boxes that fit the bill for each role.
Ah, but you fail to mention that for a firewall or for an internal
network, multi-vendor increases complexity. Thus there may be a box
to fit the bill but all the vendors and their different commands,
settings, features, etc. create added complexity that makes management
less secure (this is both in terms of protecting from attack and
actually providing services to users).
|>
|> Frank
js