nanog mailing list archives
Re: I don't need no stinking firewall!
From: Mark Smith <nanog () 85d5b20a518b8f6864949bd940457dc124746ddc nosense org>
Date: Wed, 6 Jan 2010 09:19:30 +1030
On Tue, 5 Jan 2010 14:16:58 -0600 "Brian Johnson" <bjohnson () drtel com> wrote:
Security Gurus, et al, I have my own idea of what a firewall is and what it does. I also understand what stateful packet inspection is and what it does. Given this information, and not prejudging any responses, exactly what is a firewall for and when is stateful inspection useful?
First thing to work out is your threat model. Once you've worked out what you're trying to protect, who you're trying to protect it from, and what techniques they're likely to use to break that protection, you can then work out if a firewall is the right tool, then work out how many to have and where (network perimeter only, network perimeter + hosts, network perimeter + hosts + in-application protection (e.g. authentication like in ssh - remember, it's people that are your real threat, not machines and their IP addresses - those are just the tools people use)). The trap is to think technology like firewalls are the only thing you need to worry about. Unfortunately they won't stop the building cleaners from lifting things out of the bins under desks.
Please respond on-list as I want to have some useful discourse and discussion in the clear. Flamers and Trolls will be disregarded. :) Thank you. - Brian