Why Has No One Every Proved a Hardware Firewall is More Secure than an ISA Firewall?
Have you ever been on victim end of a "hardware" firewall salesman or a "security expert" when they go on about how much more secure a "hardware" firewall is compared to an ISA firewall? You've probably heard all the stock reasons: it runs on Windows, "hardware" is more secure than software, Microsoft can't be secured, Windows 95 has a lot of security issues, and Internet Explorer isn't as good as Firefox.
Yeah, yeah, yeah. And the moon is made out of green cheese and the Earth is flat. But in any of your encounters have you ever had anyone ever prove to you that there is a specific exploit that they can launch against the ISA firewall or an ISA firewall protected system that would have been prevented by a "hardware" firewall? Anyone? Even a single person?
I've been challenging the "security experts" for the last six years, and so have many others, to prove that the ISA firewall is in reality, less secure than a hardware firewall. While we've been proving that the ISA firewall is more secure than a hardware firewall at ISAServer.org for years, I've never seen a single bit of proof that anyone can successfully compromise an ISA firewall.
So, this is my challenge to you. If you ever run into an alleged "security expert" who claims that the ISA firewall isn't as secure as a "hardware" firewall, ask them to prove it. Make sure the ISA firewall is properly configured. Heck, write to me at [email protected] and call me in to configure the ISA firewall for you, and then have the "hardware" firewall salesman or "security expert" show us together how ISA firewalls aren't as secure.
Once they fail to achieve that task (I know they won't because I've dealt with hundreds of these guys), your next step is to ask him what else did he lie about and also ask how can you trust any of his recommendations when he lied about the security an ISA firewall can provide. This is a great way for you to test both the knowledge and the integrity of your security consultants. There are a lot of things that some hardware firewalls can do that the ISA firewall can't do, and there are a lot of things the ISA firewall can do that the "hardware" firewalls can't do. But one thing is for sure -- the ISA firewall is not less secure than a hardware firewall, and you can take that to the bank.