Security Basics mailing list archives
Re: Host-Base Firewall
From: krymson () gmail com
Date: 30 May 2008 13:01:31 -0000
So, are you saying that because a firewall can't make every perfect decision, they do not equal security? I wonder, do they add any value to you at all? What if they do DPI and make smarter decisions? So if security cannot be found in hardware, does that mean a fancy door lock, card/biometric authentication, and mantrap have no value? Personally, I find value in firewalls. Sure, the security they offer is not perfect, but that doesn't discount them as being a part of a solid security regimen. In fact, while there are journalists and other part-time ITers who regularly call out about the widening or diminishing perimeters, there is still a definite need to separate networks of different trust levels to some degree or other. I know there will be some here that can smell the straw for the hay in the above, but such a tactic can be useful to find the boundaries. <- snip -> All, Firewalls are packet control devices. They do little more than control the flow of traffic into and out of your network. Some of them contain "defensive" capabilities such as IPS. Those defenses make decisions based on the nature of the traffic. Those decisions aren't as accurate as they should be because the very medium from which they are forming "opinions" is flawed. Traffic can be spoofed/forged/manipulated, so how can one trust it. Security is more of a process than anything else. It is enforced by policies, procedures, and the people using technology. Security can not be found via hardware. This is a bit philosophical, but I can back this up if anyone doesn't understand my perspective. Regards, Adriel T. Desautels Chief Technology Officer Netragard, LLC.
Current thread:
- Host-Base Firewall Mohamed Farid (May 28)
- Message not available
- RE: Host-Base Firewall Mohamed Farid (May 28)
- Re: Host-Base Firewall Adriel Desautels (May 28)
- RE: Host-Base Firewall Murda Mcloud (May 29)
- Re: Host-Base Firewall Adriel Desautels (May 29)
- Message not available
- Re: Host-Base Firewall Adriel Desautels (May 30)
- RE: Host-Base Firewall Mohamed Farid (May 28)
- Message not available
- Re: Host-Base Firewall Shawn A. Corrello (May 29)
- Re: Host-Base Firewall Steven D. Ellison (May 28)
- <Possible follow-ups>
- Re: Host-Base Firewall krymson (May 30)
- Re: Host-Base Firewall Adriel Desautels (May 30)
- Re: Host-Base Firewall Shawn A. Corrello (May 30)
- Re: Host-Base Firewall Adriel Desautels (May 30)
- Re: Host-Base Firewall Adriel Desautels (May 30)
- Re: Host-Base Firewall Adriel Desautels (May 30)
- RE: Host-Base Firewall Nelson, James (May 30)
- Re: Host-Base Firewall Kurt Buff (May 30)