Re: are firewalls limited to only protecting ehternet connections?

["Steven M. Bellovin" <smb () research att com>]

In message <Pine.LNX.3.96.981006191950.26864B-100000 () darkstar sysinfo com>, "R.
 DuFresne" writes:

> > Yah -- no firewall at all.
...
> >
>
> Ahh, but still, this presumes that the video server is *only* a video
> server, and such is not the trend on the net.  The trend is to toss in
> everything, perhaps distribute it to a number of machines dedicated to a
> speciafic service or two, yet, clump all services from the ISP/net serving
> the users.  And pipes are getting larger...

You may or may not be right in general.  But your own numbers spec'ed a
20 Gbps box -- that's sounds very specialized to me...

Now, one might want to integrate the Web server with the video server.
But a firewall won't help you there; the vulnerable spot -- port 80 --
is precisely the one that has to be open.

On a more general note, servers are asympotically free -- the real cost,
for most people, is running the boxes, not buying them.  You're much
better off spreading things out and using dedicated widgets.  And
by all means, harden them!