Firewall Wizards mailing list archives
Re: Firewalls Compared
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Tue, 29 Jun 2004 23:18:56 +0530
On 28/06/04 19:08 -0400, Eugene Kuznetsov wrote:
With the increasing focus on application layer attacks, the day of packet-filters even being termed "firewalls" is pretty much over. Packet filters were barely firewalls to begin with, but today, the fight's mostly up in Layer 7 where they have no value.Hmm, I do not think that "firewall" is the right term for devices that operate at layer 7 or "layer 8". Not on grounds of technical correctness, but of common usage. If a big challenge for making a more secure world is
A firewall is a system that separates two networks with varying levels of access for the user under consideration. This may consist of one or more of packet filters and application level gateways/proxies in various combinations. The packet filters may or may not maintain state, and the proxies may or may not do AAA. The core factor is that they provide a clearly defined boundary between two networks.
information and education about threats and best practices, the term "firewall" does more harm than good. One man's application firewall is another woman's application proxy and someone else's packet filter.
Uh, no. A firewall is a firewall is a firewall. A firewall consists of various components, some of which may even be absent.
In my experience, what most normal people mean by "firewall" is a box that does not do any TCP termination or deep inspection, but instead simply allows and disallows connections at certain IP ports. That box may be capable of doing more, but usually that capability is not being used.
What do you mean by "normal people"? People who do not understand security? Those people should not have to be involved in implementing security systems. People who are involved in security need to understand what they are doing. This applies to just about anything, not only computer security. Devdas Bhagat _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Firewalls Compared, (continued)
- Re: Firewalls Compared Devdas Bhagat (Jun 22)
- Re: Firewalls Compared Paul D. Robertson (Jun 22)
- Re: Firewalls Compared Devdas Bhagat (Jun 22)
- Re: Firewalls Compared Paul D. Robertson (Jun 23)
- RE: Firewalls Compared Laura Taylor (Jun 26)
- Re: Firewalls Compared ArkanoiD (Jun 28)
- RE: Firewalls Compared Laura Taylor (Jun 28)
- Re: Firewalls Compared Marcus J. Ranum (Jun 28)
- RE: Firewalls Compared Eugene Kuznetsov (Jun 29)
- RE: Firewalls Compared Ben Nagy (Jun 30)
- Re: Firewalls Compared Devdas Bhagat (Jun 30)
- Re: Firewalls Compared Crispin Cowan (Jun 30)
- Message not available
- Re: Firewalls Compared ArkanoiD (Jun 29)
- Message not available
- Re: Firewalls Compared Dave Piscitello (Jun 24)
- RE: Re: Firewalls Compared Christopher Lee (Jun 21)
- RE: Firewalls Compared Ben Nagy (Jun 30)
- Re: Firewalls Compared Devdas Bhagat (Jun 30)
- Message not available
- RE: Firewalls Compared Marcus J. Ranum (Jun 30)