Firewall Wizards mailing list archives

Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY


From: Bill_Royds () pch gc ca
Date: Wed, 21 Feb 2001 11:07:50 -0500

The problem with firewalls is that they are advertised as security devices when
they really are only protocol checking devices.
They verify that the protocol follows the rules at the particular layer (level 3-4
for stateful packet filter, level 7 for ALG) but they don't protect from attacks
that do not break the protocol.
Most Internet service protocols were not designed with security in mind (FTP
anyone) so there are many ways to bypass a security policy without breaking the
protocol. Perhaps if firewalls were also IDS systems that could monitor for
signatures, then the firewall could be closer to being a security device. But at
the present state of the art, they do not provide effective security.
They are still useful in ensuring cleaner traffic, but they don't ensure
safe traffic.


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

