Re: Firewall rules order and performance

[K K <kkadow () gmail com>]

Only if your "firewall" is a lowly stateful inspection packet filter,
and is not deeply aware of the higher level protocols...

The idea behind "deep inspection" and protocol validating proxy
firewalls was in part to filter out attacks before they reach
vulnerable servers/clients.   They do make the attacker's job more
difficult.

KK

On 7/28/09, Eric Gearhart <eric () nixwizard net> wrote:
> On Mon, Jul 27, 2009 at 1:21 AM, Jean-Denis Gorin<jdgorin () computer org>
> wrote:
> > Who remember that firewalls (as application gateways) was designed to
> > solve (or
> > to ease a lot) the patch management problem?
> > Now, we are back to patch management as the solution for all problems
> > because
> > dumb people (managers, marketers, buyers, system admins, network admins,
> > developers, or whatever fit your situation) are unable (or unwilling) to
> > understand what is a firewall, and what is it due for...
>
> Part of the problem with your argument is that in order for e,g, a web
> server to be reached, port 80 (and maybe port 443) have to be allowed
> through the firewall. That fact alone means that the webservers have
> to be patched, because as long as the firewall is allowing legitimate
> traffic through, it could also be allowing malicious traffic
> through...
>
> --
> Eric
> http://nixwizard.net
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

-- 
Sent from my mobile device
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards