Slashdot Mirror

← Back to Stories (view on slashdot.org)

3Com to Sell Firewall-in-a-NIC

Posted by CmdrTaco on from the better-make-sure-they're-secure dept.

Broue Master writes "According to a UK ZDNet article, 3Com is commercializing a firewall into a NIC aimed at desktop and servers." Interesting idea, although it'll be interesting to see if the idea catches on.

5 of 205 comments (clear)

  1. Sounds good but.... by RealisticWeb.com · · Score: 3, Interesting

    It sounds like a good idea, but It seems to me like just a fancy way to sell you another server to have to manage. A central server for your NIC cards? Thats the last thing that I want to have to deal with. I would be curious to see benchmarks against something like this and a traditional firewall.

    --
    Sigs are out of style, so I'm not going to use one...oh wait..
  2. Hardware VPN? by Kenja · · Score: 3, Interesting
    No word on if this card will support site to site VPN tunnels. If so it could be very usfull for remote clients connecting into a main network. As it stands such users are forced to use a software VPN client.

    In related news, I hear that Sonicwall will have a VPN/Firewall in a PCMCIA card later this year.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  3. 3com Mailer by Wells2k · · Score: 3, Interesting

    I received a mailer from 3com recently advertising this very card, offering one of them to institutions as a freebie if the institution qualified. The mailer itself was a piece of work: You had to unfold it to find out what it was, and on each of the folds was the word "ping". When you got to the center of it, it had something about being hacked, and then the rest of the ad talked about getting this piece of equipment for your protection, etc.

  4. Re:Technology for its own sake by iabervon · · Score: 3, Interesting

    The purpose of firewalls is to isolate a machine from the bad guys who might exploit security holes you want to leave open for the local good guys. That is, you have the open network, then the firewall, then a network where you're more lax about security. That way you can use insecure protocols in places where you trust the network.

    If you're putting a firewall on the machine, the only area where you don't have to care about security is within your machine. But within your machine, you have other methods: IPC, shared memory, or even net 127.

    But what this really does is it talks to a server which tells the NIC what to ignore, overriding what your machine wants to do (if there are any security holes on your machine, your OS will presumably configure the firewall to expose them, if it can; if it weren't going to, it would filter at the OS level). This essentially prevents your machine from listening on any ports that the central server doesn't want you listening on or making connections the central server doesn't want you to make.

    There are two functional differences between this and a traditional firewall. The policy machine doesn't have to look at the packets, because it tells the machines which have to look at the packets anyway what to do; therefore, it's harder for an outsider to overwhelm the policy machine. Also, this setup will allow the firewall to stop you from talking to other machines on the network. This could stop a worm from spreading within a company over services which aren't supposed to be enabled.

    So the policy server and the set of cards together make what amounts to a firewall. If you buy one of these, you don't get your own firewall.

  5. firewalled network cards by Anonymous Coward · · Score: 2, Interesting

    I just hope they include the ability to disable this feature. I can see numerous connectivity problems and difficult troubleshooting ahead...

    Does this mean you will be unable to ping the loopback address???

    Will you have to swap the card out to see whether the firewall on the card is playing up?

    Jeeezus