Security Basics mailing list archives
Re: what should I do when....
From: Adriel Desautels <adriel () netragard com>
Date: Sat, 12 Jul 2008 12:00:01 -0400
Mike,

I'm not sure why you'd want to take the firewall out of the picture, it has a purpose and it serves that purpose well. I'm also not sure as to why you'd want to use "all the tools" as you suggested earlier, hence my "Simple, Clean and Well Managed" comment. Does this thread even have a point any more?

Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45

Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn

Mike Hale wrote:

I'd love to see what simple, clean and well managed network security tools don't include a firewall.

On Fri, Jul 11, 2008 at 1:43 PM, Adriel Desautels <adriel () netragard com> wrote:

Great, You must be using the right one then.

Regards,
Adriel T. Desautels

William Mohney wrote:

I can't argue with "simple, clean, and well managed". But the Firewall is one of the simple tools I use.

Bill

-----Original Message-----
From: Adriel Desautels [mailto:adriel () netragard com]
Sent: Friday, July 11, 2008 2:35 PM
To: William Mohney
Cc: Ansgar -59cobalt- Wiechers; security-basics () securityfocus com
Subject: Re: what should I do when....

What about not using all the tools and only using the ones you need in a simple, clean, and well managed configuration? ;]

Regards,
Adriel T. Desautels

William Mohney wrote:

No one tool protects "enough".
That's why we use all the tools.

Bill

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Adriel Desautels
Sent: Friday, July 11, 2008 9:14 AM
To: Ansgar -59cobalt- Wiechers
Cc: security-basics () securityfocus com
Subject: Re: what should I do when....

Ansgar,

You are right, I am wrong. A firewall is not a traffic shaping device and I was using the wrong terminology (which doesn't happen very often, but it's somewhat refreshing when it does and I'm corrected).

I do stand by my *opinion* that a firewall is not a security device but is a traffic control device. My opinion can be contradicted as the definition of security is to protect from harm, and firewalls do protect some systems from harm. That is not enough to make me change my mind though. Firewalls do not protect *enough* and are easy enough to circumvent.

Regards,
Adriel T. Desautels

Ansgar -59cobalt- Wiechers wrote:

On 2008-07-10 Adriel Desautels wrote:

> What I said is not wrong, it is actually very accurate.

No.

> Firewalls are traffic shaping devices and it is my opinion that they are not security devices. In fact, I'm not sure what you disagree with.

Look up the definition of "traffic shaping" (e.g. [1]). Look up the definition of "firewall" (e.g. [2]).
Notice the difference.

> I said: "It is my opinion that firewalls are not security devices as much as they are traffic shaping devices. Their job is to control network connections and the flow of traffic, not to ensure that something can't be hacked."
>
> You accused me of being wrong, but then you said: "A firewall is the implementation of a concept of what kind of traffic you want to allow or disallow between any two given networks."
>
> Isn't that what I said?

No.

> You are in fact shaping traffic by controlling what goes in and out. I suppose my use of the term "Traffic Shaping" could be argued.

No. Firewalls accept or deny access based on their ruleset. Traffic shaping devices don't decide whether to accept or deny anything, but modify packet rates in order to optimize network performance and/or bandwidth usage. Two entirely different concepts, using different means to achieve different ends.

> I do think that firewalls can be used to enforce certain policies that are security oriented, but firewalls are not in my opinion security devices.

Then your opinion is wrong. Plain and simple. The decision what you want to allow or disallow into or out of your network is by any means a security decision. Firewalls implement and enforce this decision on a technical level and therefore are by definition security devices.

[1] http://en.wikipedia.org/wiki/Traffic_shaping
[2] http://en.wikipedia.org/wiki/Firewall

Regards
Ansgar Wiechers