nanog mailing list archives
Re: I don't need no stinking firewall!
From: Rich Kulawiec <rsk () gsp org>
Date: Tue, 5 Jan 2010 21:20:31 -0500
A firewall is another layer in a defense-in-depth strategy, but tends to only be truly effective if the first rule in it is deny all from any to any which of course does not happen much of the time in the real world, with predictable results. Moreover, stateful packet inspection is not the end-all be-all: there's a lot to be said for application-level proxying, and for quasi-realtime traffic analysis. I think of my firewalls as tools which reduce the overwhelming flood of malicious and garbage traffic to a trickle -- which does not necessarily reduce the attack surface or the threats to it, but may at least allow me a better chance of seeing the threats and doing something useful about them. ---Rsk
Current thread:
- Re: I don't need no stinking firewall!, (continued)
- Re: I don't need no stinking firewall! Peter Hicks (Jan 05)
- Re: I don't need no stinking firewall! Brielle Bruns (Jan 05)
- Re: I don't need no stinking firewall! Tony Finch (Jan 05)
- Re: I don't need no stinking firewall! Mark Smith (Jan 05)
- Message not available
- Re: I don't need no stinking firewall! William Herrin (Jan 05)
- Re: I don't need no stinking firewall! Peter Hicks (Jan 05)
- Re: I don't need no stinking firewall! Fred Baker (Jan 05)
- Re: I don't need no stinking firewall! Sean Donelan (Jan 05)
- Re: I don't need no stinking firewall! Kenny Sallee (Jan 05)
- Re: I don't need no stinking firewall! Mark Smith (Jan 05)
- Re: I don't need no stinking firewall! James Hess (Jan 05)
- Re: I don't need no stinking firewall! Rich Kulawiec (Jan 05)
- Re: I don't need no stinking firewall! William Herrin (Jan 05)
- Re: I don't need no stinking firewall! Jorge Amodio (Jan 05)
- Re: I don't need no stinking firewall! David Hiers (Jan 06)
- RE: I don't need no stinking firewall! Brandon M. Lapointe (Jan 06)
- RE: I don't need no stinking firewall! gb10hkzo-nanog (Jan 06)
- RE: I don't need no stinking firewall! Joel Snyder (Jan 08)