Security Basics mailing list archives
Re: what should I do when....
From: Adriel Desautels <adriel () netragard com>
Date: Thu, 10 Jul 2008 11:12:53 -0400
Ansgar,What I said is not wrong, it is actually very accurate. Firewalls are traffic shaping devices and it is my opinion that they are not security devices. In fact, I'm not sure what you disagree with.
I said: "It is my opinion that firewalls are not security devices as much as they are traffic shaping devices. Their job is to control network connections and the flow of traffic, not to ensure that something can't be hacked." You accused me of being wrong, but then you said:"A firewall is the implementation of a concept of what kind of traffic you want to allow or disallow between any two given networks."
Isn't that what I said? You are in fact shaping traffic by controlling what goes in and out. I suppose my use of the term "Traffic Shaping" could be argued.
I do think that firewalls can be used to enforce certain policies that are security oriented, but firewalls are not in my opinion security devices.
Regards, Adriel T. Desautels Chief Technology Officer Netragard, LLC. Office : 617-934-0269 Mobile : 617-633-3821 http://www.linkedin.com/pub/1/118/a45 Join the Netragard, LLC. Linked In Group: http://www.linkedin.com/e/gis/48683/0B98E1705142 --------------------------------------------------------------- Netragard, LLC - http://www.netragard.com - "We make IT Safe" Penetration Testing, Vulnerability Assessments, Website Security Netragard Whitepaper Downloads: ------------------------------- Choosing the right provider : http://tinyurl.com/2ahk3j Three Things you must know : http://tinyurl.com/26pjsn Ansgar -59cobalt- Wiechers wrote:
On 2008-07-09 Adriel Desautels wrote:You can not bullet proof a computer system by using a firewall even if you block all traffic to and from that system.If you carefully re-read my mail you'll notice that I didn't claim anything like that. I said that both tasks are equally difficult.In most configurations firewalls block inbound connection attempts to *internal* systems, while they permit outbound attempts from those systems. It is my opinion that firewalls are not security devices as much as they are traffic shaping devices. Their job is to control network connections and the flow of traffic, not to ensure that something can't be hacked.That's just plain wrong. Even if you think of firewalls as mere packet filtering devices they still control which connections may or may not be established inbound and/or outbound. That is most certainly a security feature. However, firewalls are not limited to being mere packet filters. A firewall is the implementation of a concept of what kind of traffic you want to allow or disallow between any two given networks. On top of packet filters a firewall may include DMZs, proxies (for application layer filtering), virus scanners, VPN endpoints, and various other measures. Regards Ansgar Wiechers
Current thread:
- what should I do when.... Jorge L. Vazquez (Jul 04)
- RE: what should I do when.... Rivest, Philippe (Jul 04)
- RE: what should I do when.... Sergio Castro (Jul 07)
- RE: what should I do when.... Rivest, Philippe (Jul 07)
- RE: what should I do when.... Sergio Castro (Jul 07)
- Message not available
- RE: what should I do when.... Sergio Castro (Jul 08)
- RE: what should I do when.... Weir, Jason (Jul 09)
- Re: what should I do when.... Ansgar -59cobalt- Wiechers (Jul 09)
- Re: what should I do when.... Adriel Desautels (Jul 10)
- Re: what should I do when.... Ansgar -59cobalt- Wiechers (Jul 10)
- Re: what should I do when.... Adriel Desautels (Jul 11)
- Re: what should I do when.... Ansgar -59cobalt- Wiechers (Jul 11)
- RE: what should I do when.... Rivest, Philippe (Jul 11)
- Re: what should I do when.... Adriel Desautels (Jul 11)
- RE: what should I do when.... William Mohney (Jul 11)
- Re: what should I do when.... Adriel Desautels (Jul 11)
- RE: what should I do when.... William Mohney (Jul 11)
- Re: what should I do when.... Adriel Desautels (Jul 11)
- Re: what should I do when.... Mike Hale (Jul 12)
- Re: what should I do when.... Adriel Desautels (Jul 12)
- RE: what should I do when.... Rivest, Philippe (Jul 07)
- Re: what should I do when.... Adriel Desautels (Jul 12)