Firewall On A PCI card

robags writes: "The people at Merilus have grabbed a PCI card, embedded Linux, added some Ethernet ports and come up with the FireCard. The OS on the host system can crash out, without affecting your firewall. 'Once installed, the FireCard provides firewalling, routing, bandwidth management, virtual private networking, redundant failover, intrusion detection and much more.'" This sounds like a smart product, especially for telecommuters; I sure hope it's not a pointless hoax or vaporware.

You are not the target market.

[mosch]

This isn't for a business, or for a hardcore geek. It's meant as a security solution for your average Joe, who only has one computer, and wants to work from home on his broadband connection.

Joe currently has a few options, he can get some personal firewall software, but he was talking to a geek friend of his who told him that it would be pretty trivial to make a trojan that would disable the personal firewall software.

Jane looked at the integrated router/firewall/hub solutions, but she didn't like that. She already doesn't like that her cable modem has one ugly box next to her computer, and she doesn't want another ugly box there. The last thing she wants is more confusing cables to figure out, and besides, her power strip doesn't have any more space for the wall wart that invariably powers those things.

Joe and Jane talk to their geek friend, and he says 'hey, i've got a solution which is just as good as a seperate computer, but it goes right inside your current 'puter, but has it's own processor and everything, so it's not affected by trojans, viruses or anything'. Joe thinks 'great, i have no idea what that means, but what the hell, if my geek friend says it's the shit, then it's the shit'. Jane thinks 'Hmmm.... that sounds good, and it eliminates any number of security attacks, while reducing cable clutter, i'll buy one for myself.'

Then their geek friend helps them set it up, and goes home to the p75 that he converted into a firewall. On the way, he opens his mailbox and inside is an electric bill. He reads the bill, and does some calculations on the operating cost of the p75, and realizes that in addition to being a white-noise generator and an eye-sore, that p75 is costing him more money than it's saving. The geek goes out to the store, buys one of these firecards, installs it, and realizes that for a home solution, it's really not a bad idea.

--
"Don't trolls get tired?"

Re:But why?

[MarNuke]

I'm not sure I understand the benefits of taking a small independent computer and making it dependent on another one, even if it is just for power... surely a box the same size as the card, with it's own PSU and a serial port for control is more reliable? Or a 1U case for a rackmount "enterprise" one

I doupt this will be marketed for enterprise users using CheckPoint or what not. The real market for this device is personal firewall market.

Here's the deal. You're a UNIX security Guru. You know `ipchains` like you know perl. You don't compile a kernels, you rewrite drivers. Your best buddie down the street just got that high bandwidth connection that makes you sick. It might be DSL, Cable, 10bt, or even Fiber. You know he needs a firewall. He knows he has to have one. There's no way around it. Buddy only know AIM, pr0n, mp3's, and types http://www before every url.

You're a good friend and you want to help him out. You have a few choices:

You can give him one of yours 486, find 20-40 hours, build a solid firewall, and give him a your pager number so he can call you when it fails You can tell him to go out of the box firewall that runs on windows and cost $19.95 that require a machine or run on the host machine but you know these solutions are lame as hell. Heck you crack the "firewalls" in you spare time! Or you can tell him to buy this card, which doesn't require that much effort, just as secure as the stand alone, and you can still have a life!!!

But why?

[Howie]

I'm not sure I understand the benefits of taking a small independent computer and making it dependent on another one, even if it is just for power... surely a box the same size as the card, with it's own PSU and a serial port for control is more reliable? Or a 1U case for a rackmount "enterprise" one.

(the red PCBs look cool though :-) )

Firewall cards

[QuantumG]

Two years ago I did the embedded programming on a firewall PCI card. They had a proprietory TCP/IP stack (though I'm sure it was based on some BSD code) which they wanted ip forwarding and packet filtering from. It was a REALLY easy job. I essentially cross compiled the code and used the example code that came with the ethernet chips (there was two, which BTW, if you don't have on that card, it aint a firewall) with 10/100 UTP ports, one for the Internet side of the firewall and the other to plug into your hub. I think they eventually abandoned the product as stupid and developed it into a sealed box firewall about the size of a matchbook. Last time I talked to them they still hadn't shipped.