Re: I don't need no stinking firewall!

[Mark Smith <nanog () 85d5b20a518b8f6864949bd940457dc124746ddc nosense org>]

On Tue, 5 Jan 2010 14:16:58 -0600
"Brian Johnson" <bjohnson () drtel com> wrote:

> Security Gurus, et al,
>
> I have my own idea of what a firewall is and what it does. I also
> understand what statefull packet inspection is and what it does. Given
> this information, and not prejudging any responses, exactly what is a
> firewall for and when is statefull inspection useful?

First thing to work out is your threat model. Once you've worked out
what you're trying to protect, who you're trying to protect it from,
and what techniques they're likely use to break that protection, you
can then work out if a firewall is the right tool, then work out how
many to have and where (network perimeter only, network perimeter +
hosts, network perimeter + hosts + in application protection (e.g.
authentication like in ssh - remember, it's people that are your real
threat, not machines and their IP addresses - those are just the tools
people use).

The trap is to think technology like firewalls are only thing you
need to worry about. Unfortunately they won't stop the building
cleaners from lifting things out of the bins under desks.


> Please respond on-list as I want to have some useful discourse and
> discussion in the clear. Flamers and Trolls will be disregarded. :)
>
> Thank you.
>
>  - Brian
>
>
>  CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the
> intended recipient(s) and may contain confidential and privileged information. Any unauthorized review,
> copying, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original message. Thank you.