Security Basics mailing list archives

Re: what should I do when....


From: Ansgar -59cobalt- Wiechers <cobalt () planetcobalt net>
Date: Thu, 10 Jul 2008 14:06:43 +0200

On 2008-07-09 Adriel Desautels wrote:
      You can not bullet proof a computer system by using a firewall even if
      you block all traffic to and from that system.

If you carefully re-read my mail you'll notice that I didn't claim
anything like that. I said that both tasks are equally difficult.

      In most configurations firewalls block inbound connection attempts to
      *internal* systems, while they permit outbound attempts from those
      systems.

      It is my opinion that firewalls are not security devices as much as
      they are traffic shaping devices. Their job is to control network
      connections and the flow of traffic, not to ensure that something
      can't be hacked.

That's just plain wrong. Even if you think of firewalls as mere packet
filtering devices they still control which connections may or may not be
established inbound and/or outbound. That is most certainly a security
feature.

However, firewalls are not limited to being mere packet filters. A
firewall is the implementation of a concept of what kind of traffic you
want to allow or disallow between any two given networks. On top of
packet filters a firewall may include DMZs, proxies (for application
layer filtering), virus scanners, VPN endpoints, and various other
measures.

Regards
Ansgar Wiechers
-- 
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html
