  1. #1
    Join Date
    Oct 2006
    Posts
    39

    Hardware or Software Firewall? [merged]

    We have an ecommerce site, we accept credit card payments, but do not store credit card information on our site. Previously I was on a VDS and everything was taken care of, but now I'm considering moving to a managed dedicated server with rackspace or liquidweb, and the issue of a software or hardware firewall has come up.

    I'm thinking a hardware firewall might be overkill and they are quite pricey, $100-$125/mo, do I really need a hardware firewall or just a software firewall to protect my customer's information?

  2. #2
    Join Date
    Sep 2006
    Location
    San Jose
    Posts
    57
    I don't think you need hardware firewall unless you experience some big DoS attacks on your sites.

  3. #3
    Join Date
    Feb 2004
    Posts
    634
    PCI compliance requires a firewall (under Section 1, Network Security), though not necessarily a hardware firewall. Depending on your processing volume, PCI compliance may either be mandatory or recommended. I strongly suggest architecting your systems appropriately for PCI compliance, regardless of your volume. Make sure for instance you actually aren't accidentally storing any cardholder data; I've seen my share of systems where it was claimed they aren't storing CC data because it wasn't being inserted into a database, yet it was being logged in plain text files from the application server. For a single server a software firewall should be perfectly adequate.

  4. #4
    Join Date
    Sep 2006
    Location
    San Jose
    Posts
    57
    I also recommend an Intrusion Detection System, e.g. Snort + SnortSAM.

  5. #5
    Technically speaking, a hardware or software firewall would achieve the same purpose. A Software Firewall would load on the server and utilize the CPU for processing of rules and if you are experiencing heavy traffic with a lot of rulesets, the incoming traffic might tax your CPU and slow down the server. That is where a hardware firewall comes into play, it will off-load all the firewall services to the hardware firewall box so that the CPU would be free to just process everything else apart from the firewall functions.
    http://www.batchimage.com - Offering Batch Image Processing and TIFF/PDF Software Solutions

  6. #6
    Join Date
    Mar 2003
    Location
    Singapore
    Posts
    731
    Hi there,
    I'm having hard time reading what you're trying to post here, due to all the HTML tags.

    Anyways, a firewall is just one of the few security measures performed on your server to secure it. You cannot say that you're 100% safe if you have a firewall. Your customer's information might be stolen due to the weak customer management script.

    As for whether a hardware or software firewall is good, I would say a hardware firewall helps by reducing the server resource usage. Software firewalls are economical, as APF and IPtables are free.

    Thanks!
    SecureAX Singapore - Virtualization, Private Cloud Computing & Managed Datacenter in Singapore
    - Managed Virtual Private Servers, Dedicated Servers & Colocation Services in Singapore
    - Gigabit backbone at Equinix Singapore, M1 & Telin Datacenters with Private Link for Disaster Recovery setup

  7. #7
    Join Date
    Oct 2006
    Posts
    39
    Thanks for all the great responses!

    Can anyone suggest a reasonably priced firewall or open-source firewall that is on the easy side to configure and would provide good protection from incoming threats?

  8. #8
    Join Date
    May 2006
    Location
    Florida, USA
    Posts
    362
    Linux or Windows?
    Host, YES!
    Reselling? Partner for profit instead!

  9. #9
    Join Date
    Mar 2005
    Posts
    90
    Like Michael has stated, I think how well your site was scripted is more important than the firewall. A software firewall is free, so even if you have a hardware firewall you might as well use a software firewall anyway; that's what I would do, but then I'm no expert.

  10. #10
    Join Date
    Oct 2004
    Location
    Canada
    Posts
    144
    If you're on a Linux machine, don't bother looking for firewall software. Just learn how to use iptables (in a shell type "man iptables"); it's very robust and simple to use once you become familiar, plus there is nothing to install. It should already be on your server. Also, just for fun, try googling "ethernet bridge firewall".

  11. #11
    Join Date
    Nov 2001
    Location
    Vancouver
    Posts
    2,416
    For the purposes you'll be implementing a firewall, it won't really matter. You are going to be implementing a firewall for the check list value in order to meet PCI.

    As others have said, your ecommerce application (scripts) as well as the overall state of your server(s) i.e. do you keep up with the various security advisories, update system and application software on a timely basis, have you locked down the machine as tight as possible, etc - will mean a lot more to your overall security than the firewall.

    While the firewall will help, assuming you have decent rules implemented, in assuring that ports which shouldn't be exposed, aren't, even before the firewall goes up you ought to ensure that ports which shouldn't be exposed to the Internet, aren't. I.e. your db server, or network services you aren't using. Some OS's have better out of the box defaults than others.
    “Even those who arrange and design shrubberies are under
    considerable economic stress at this period in history.”
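
An added example, not part of the post above: before any firewall rules go up, the listening sockets themselves can be audited by parsing `ss -tln` output and flagging every service bound to a non-loopback address on a port outside an allowlist. The allowlist, the function name and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the only ports this web server is meant to expose publicly.
ALLOWED_PUBLIC_PORTS = {22, 80, 443}


def exposed_listeners(ss_output, allowed=ALLOWED_PUBLIC_PORTS):
    """Return (address, port) for listeners reachable from off-host
    whose port is not in the allowlist."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                      # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]   # drop IPv6 brackets, %iface
        if host != "*" and ipaddress.ip_address(host).is_loopback:
            continue                      # loopback-only, not exposed
        if int(port) not in allowed:
            findings.append((host, int(port)))
    return findings


# Constructed sample in the layout printed by `ss -tln`.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    0.0.0.0:443         0.0.0.0:*
LISTEN 0      80     0.0.0.0:3306        0.0.0.0:*
LISTEN 0      100    127.0.0.1:25        0.0.0.0:*
LISTEN 0      128    [::]:80             [::]:*
LISTEN 0      5      [::1]:631           [::]:*
LISTEN 0      128    *:111               *:*
"""

if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE_SS):
        print(f"listening on {addr}:{port} but not in allowlist")
```

In the sample, the database port 3306 and port 111 are flagged; the fix is to bind those services to loopback or disable them, with the firewall as the second layer.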
