What are 'host-based' vs OS-based firewalls?

Anyone know the difference between a 'host-based' and an OS-based firewall? Seems to me that if it's host-based, well, there has to be an OS underneath :)

Also another stupid question. If you have an application-level gateway, which is a type of firewall actually (from what I know), would you typically have another separate 'gateway' to the internet? Or does this gateway / firewall function as a hybrid device - including gateway & firewall functionality in 1 device.

Thanks, Jason Shohet

xz

"xz" wrote in news:1117061663.661969.13400 @g44g2000cwa.googlegroups.com:

The host based FW would be one that needs a computer and O/S to run from and would be on a gateway computer protecting a LAN. The O/S based FW like a personal FW solution would be one that protects the O/S, its services and applications for a single computer that is directly connected to the Internet, which is not a FW in the true sense as it is not separating two networks and is machine level protection solely for the machine. That's how I understand it.

The two links may help to provide more information.

Duane :)

Duane Arnold

Duane,

Thanks for your reply. I now get that an OS-based f.wall is like Microsoft Personal Firewall ;) just to protect that machine.

One other type I wasn't sure about is a 'firmware-based' firewall. Any ideas what this is? I read somewhere that a firmware-based firewall is NOT scalable, whereas an OS-based or host-based f.wall can scale (by adding more memory / processing power to the machine, I suppose).

Thanks again

xz

Ya, I know what firmware is - I've updated firmware quite a few times too on a variety of machines. I'm trying to think, what kind of firewall is firmware-based :) ? I can't imagine it, but it must exist :) Secondly, I don't understand why a firmware-based firewall is not scalable, whereas an OS-based f.wall is scalable.

xz

Firmware means the code is in the hardware. Your BIOS is in firmware. Your lawn sprinkler controller is firmware.

Bit Twister

"xz" wrote in news:1117134955.652881.231720 @g43g2000cwa.googlegroups.com:

The only firmware FW software I know about is in FW appliances like WatchGuard, Cisco, Netscreen, etc etc.

You can scale up by getting an appliance that is more powerful and has more features; one can scale to a higher-end appliance that way, I would think.

whereas an OS-based or host-based f.wall can scale (

Well, anything running on the machine is scalable if running on the machine that has been given more memory / processing power or a higher-end machine is provided.

When you are talking scaling, I would think one would be talking about what's happening in the link.

Someone with more FW expertise than I will have to explain more to you about a scaling FW solution, as I know very little about it.

Duane :)

Duane Arnold

Almost every appliance is firmware-based - there is the basic firmware, the OS part of the system, then there are the rule sets that are flashed into another memory area. Some firewalls use memory cards (like CF, SD, etc...)

Many appliances scale well, it's up to you to purchase one that has that ability.

Leythos

xz wrote on 26 May 2005 13:02:30 -0700:

How about the nForce4 chipset with built-in firewall? That would be firmware based.

I guess a firmware based one is limited by the chipset it's running on (eg. it would only have limited space to hold rules and current connection states). You can't upgrade the chipset, you can only replace it. However, an OS-based firewall might be able to scale to new hardware (faster processor, more RAM, etc.).

Dan

Spack

Yeah, nVidia's nForce4 is what I'm using on my most recent machine. Works okay so far, just a few idiosyncrasies. Actually, it's sort of a hybrid implementation in that the application control apparently continues to run in main RAM. Still, it offloads about 80% of the load on the CPU (according to nVidia).

While it was initially available only for AMD-based motherboards, nVidia has now released at least one version of the chipset for use with Intel CPUs. (Don't know if any motherboard vendors have started using it yet, however.)

A little birdie tells me that all of this was a bit much for Intel, so they're hard at work on doing the same thing with their own chipsets.


Joseph V. Morris
