A writer admitting he was new to IPSec VPNs wrote to a news group recently seeking advice. He wrote: "Is it true that hardware VPN solutions are always better, more trusted and more secure than software VPNs?" In other words, should he use a VPN appliance consisting of customized hardware and software rather than running VPN software on a general-purpose computer?Strictly speaking, the answer is no, because it is impossible that hardware solutions are always better.But the question generated a lot of responses, some of which is valuable to anyone weighing the possibilities.Earlier in VPN development, hardware appliances and the customer chips they used were credited with giving them higher speeds. But with the higher speeds of general processors, those days are gone. So the speed argument doesn't work anymore.The major objection to software is that it is as vulnerable as the underlying operating system that it runs on. As a result, some respondents to the question advised shutting down as many services on the operating system as possible, reducing the exposure to vulnerabilities. Some appliance vendors base their gear on Linux, which they then "harden" in this way to minimize risk that their boxes will be compromised. Others use imbedded systems designed specifically for the boxes they run on.Shoring up standard operating systems can be done and some vendors offer tools to do so. A blanket statement against software is too sweeping. You can have perfectly secure VPN gear based on either model.The discussion in practical terms needs to broaden to include price, managing these devices and updating policies, particularly in large VPNs. It is also important to consider the security of the VPN endpoints, not just the VPN devices themselves.The old debate about hardware vs. software is old and too simple to be useful anymore.