Firewall Wizards mailing list archives
Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY
From: Bill_Royds () pch gc ca
Date: Wed, 21 Feb 2001 11:07:50 -0500
The problem with firewalls is that they are advertised as security devices when they really are only protocol checking devices. The verify that the protocol follows the rules at the particular layer (level3-4 for stateful packet filter, level 7 for ALG) but they don't protect from attacks that do not break the protocol. Most Internet service protocols were not designed with security in mind (FTP anyone) so there are many ways to bypass a security policy without breaking the protocol. Perhaps if firewalls were also IDS systems that could monitor for signatures, then the firewall could be closer to being a security device. But at the present state of the art, they do not provide effective security. They are still are useful in ensuring cleaner traffic, but they don't ensure safe traffic. _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY agetchel (Feb 20)
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Darren Reed (Feb 20)
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Ng Pheng Siong (Feb 21)
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Robert Collins (Feb 25)
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Ng Pheng Siong (Feb 26)
- Reversise Proxies? (was Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY) Robert Collins (Feb 26)
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Robert Collins (Feb 25)
- <Possible follow-ups>
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Bill_Royds (Feb 21)
- RE: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY MONTENEGRO,FERNANDO (HP-Canada,ex1) (Feb 26)