Firewall Wizards mailing list archives

Re: Firewalls Compared


From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Tue, 29 Jun 2004 23:18:56 +0530

On 28/06/04 19:08 -0400, Eugene Kuznetsov wrote:
> With the increasing focus on application layer attacks, the day
> of packet-filters even being termed "firewalls" is pretty much over.
> Packet filters were barely firewalls to begin with, but today, the
> fight's mostly up in Layer 7 where they have no value.
>
> Hmm, I do not think that "firewall" is the right term for devices that
> operate at layer 7 or "layer 8". Not on grounds of technical correctness,
> but of common usage. If a big challenge for making a more secure world is

A firewall is a system that separates two networks with varying levels
of access for the user under consideration. This may consist of one or
more of packet filters and application level gateways/proxies in various
combinations. The packet filters may or may not maintain state, and the
proxies may or may not do AAA.
The core factor is that they provide a clearly defined boundary between
two networks.

> information and education about threats and best practices, the term
> "firewall" does more harm than good. One man's application firewall is
> another woman's application proxy and someone else's packet filter.

Uh, no. A firewall is a firewall is a firewall. A firewall consists of
various components, some of which may even be absent.

> In my experience, what most normal people mean by "firewall" is a box that
> does not do any TCP termination or deep inspection, but instead simply
> allows and disallows connections at certain IP ports. That box may be
> capable of doing more, but usually that capability is not being used.

What do you mean by "normal people"?  People who do not understand
security? Those people should not have to be involved in implementing
security systems. People who are involved in security need to understand
what they are doing.
This applies to just about anything, not only computer security.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

