Dailydave mailing list archives
Re: This just in: Firewalls are obsolete
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 12 Jul 2005 01:49:47 +0200
* Gadi Evron:
> If you can bring every (erm, every?!) machine in your network to where it is secure enough to be on the Internet, on its own.. then why do you still need a perimeter?
For detection. But I tend to agree that hardening the hosts themselves is the way to go. Another approach is segregation of the internal network at the network device layer (using bridging IP-layer filters, packet filters which route between different VLANs, and so on). But this is apparently very hard to implement on larger networks, at least with current technology.
> I may find this ridiculous, but I am far from vain enough to dismiss some of these people and their work so readily.. I must simply not be getting it.
Why do you think it's ridiculous? Obviously, you don't think patching is the answer, either. 8-) In which direction do you try to push things?
> However, getting back to this article, saying that we don't need Firewalls because we can use ACL's... is one of the silliest statements I ever heard. It's pretty much like saying.. "hey, we don't need a picket-fence, we can use a wooden-fence."
I think there's some feeling that a firewall is just a router with an attitude. I'm slightly biased by my experience, but it does make sense to run a stateless packet filter at the perimeter, and not some obscure gadget which dies horribly when someone starts a quick port scan across your address space (or launches a 50 kpps DoS attack).