Security Basics mailing list archives
Re: what should I do when....
From: Ansgar -59cobalt- Wiechers <cobalt () planetcobalt net>
Date: Thu, 10 Jul 2008 14:06:43 +0200
On 2008-07-09 Adriel Desautels wrote:
You can not bullet proof a computer system by using a firewall even if you block all traffic to and from that system.
If you carefully re-read my mail you'll notice that I didn't claim anything like that. I said that both tasks are equally difficult.
In most configurations firewalls block inbound connection attempts to *internal* systems, while they permit outbound attempts from those systems. It is my opinion that firewalls are not security devices as much as they are traffic shaping devices. Their job is to control network connections and the flow of traffic, not to ensure that something can't be hacked.
That's just plain wrong. Even if you think of firewalls as mere packet filtering devices they still control which connections may or may not be established inbound and/or outbound. That is most certainly a security feature. However, firewalls are not limited to being mere packet filters. A firewall is the implementation of a concept of what kind of traffic you want to allow or disallow between any two given networks. On top of packet filters a firewall may include DMZs, proxies (for application layer filtering), virus scanners, VPN endpoints, and various other measures. Regards Ansgar Wiechers -- "The Mac OS X kernel should never panic because, when it does, it seriously inconveniences the user." --http://developer.apple.com/technotes/tn2004/tn2118.html
Current thread:
- what should I do when.... Jorge L. Vazquez (Jul 04)
- RE: what should I do when.... Rivest, Philippe (Jul 04)
- RE: what should I do when.... Sergio Castro (Jul 07)
- RE: what should I do when.... Rivest, Philippe (Jul 07)
- RE: what should I do when.... Sergio Castro (Jul 07)
- Message not available
- RE: what should I do when.... Sergio Castro (Jul 08)
- RE: what should I do when.... Weir, Jason (Jul 09)
- Re: what should I do when.... Ansgar -59cobalt- Wiechers (Jul 09)
- Re: what should I do when.... Adriel Desautels (Jul 10)
- Re: what should I do when.... Ansgar -59cobalt- Wiechers (Jul 10)
- Re: what should I do when.... Adriel Desautels (Jul 11)
- Re: what should I do when.... Ansgar -59cobalt- Wiechers (Jul 11)
- RE: what should I do when.... Rivest, Philippe (Jul 11)
- Re: what should I do when.... Adriel Desautels (Jul 11)
- RE: what should I do when.... William Mohney (Jul 11)
- Re: what should I do when.... Adriel Desautels (Jul 11)
- RE: what should I do when.... William Mohney (Jul 11)
- Re: what should I do when.... Adriel Desautels (Jul 11)
- Re: what should I do when.... Mike Hale (Jul 12)
- Re: what should I do when.... Adriel Desautels (Jul 12)
- RE: what should I do when.... Rivest, Philippe (Jul 07)