diskless firewall


optech
07-10-2001, 03:43 PM
got a discussion topic:
is a diskless firewall more or less secure than a standard firewall?
i'm thinking that because the disk resides on a separate system, any attack attempts will be halted at the firewall, and the hacker then cannot proceed into the network if s/he cannot touch the contents of the firewall's disk (as the firewall won't allow access to that system)..

this won't really protect much except the firewall itself, as any trojan or internal backdoor could easily bypass the firewall...


i don't know.. is this idea worth the R&D?

Strike
07-10-2001, 07:47 PM
The programs are still in memory, and so the operating environment is still fundamentally the same. The only things that a diskless system changes are that they can't load new things off of disk into memory and they can't alter the firewall settings on the disk. However, the only time either of those would happen would be after something else has gone wrong with the firewall anyway. I guess they couldn't load a new shell off of the disk, so smashing the stack is kind of out. But then again stack-smashing isn't what circumvents most firewalls, I don't think.

I'm just rambling, but that's what I've got :)

optech
07-11-2001, 08:09 AM
yes, i had thought of that... (data still in RAM)...

but my main thought is this:

a firewall is made to allow only selected chunks of data through. if your network requires internet, then it allows port 80 to pass through (perhaps with monitoring); if your company requires telnet/ssh, then it allows that to go through...

however, the most secure network will be running NO outside services and not allow ANY services to come IN from the outside (other than what is NEEDED)...

now the firewall itself usually has its own services running, and there are some firewalls that run mail, web and even ssh servers... (the point of which i don't quite understand!) and i'm wondering if changing the disk's location will affect the way the firewall operates, or its security.
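As an added illustration of the default-deny policy this post describes (example code, not from the thread or any poster), here is a small stateful packet-filter model: inside hosts may open outbound web and ssh, nothing from outside may open a connection inward, the firewall host exposes no services of its own, and replies are admitted only when they match a connection the inside opened. The addresses, ports and packets are constructed sample values.

```python
# Added example (not from the thread): a tiny stateful, default-deny packet
# filter modelling the policy in the post above. Addresses and ports below
# are constructed sample data, not anyone's real network.
from dataclasses import dataclass

INSIDE_NET = "10.0.0."        # constructed: the internal /24
FIREWALL_IP = "203.0.113.1"   # constructed: the firewall's outside address
ALLOWED_OUTBOUND = {80, 22}   # web plus ssh, as the post allows; all else denied


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool          # True for a connection-opening segment


class Firewall:
    def __init__(self):
        # Connections the inside opened: (inside_ip, inside_port, outside_ip, outside_port)
        self.state = set()

    def filter(self, p: Packet) -> str:
        # The firewall host runs no reachable services: traffic aimed at it is dropped.
        if p.dst == FIREWALL_IP:
            return "DROP"
        if p.src.startswith(INSIDE_NET):
            # Outbound: only the services the network actually needs.
            if p.dport in ALLOWED_OUTBOUND:
                self.state.add((p.src, p.sport, p.dst, p.dport))
                return "ACCEPT"
            return "DROP"
        # Inbound from outside: only a reply to a connection we already track.
        if not p.syn and (p.dst, p.dport, p.src, p.sport) in self.state:
            return "ACCEPT"
        return "DROP"   # default deny, including every unsolicited new connection
```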