Re: what should I do when....

[Adriel Desautels <adriel () netragard com>]

I certainly agree,
	Let me make clear that firewalls do serve a function in enforcing good 
security, I just don't consider them to be a security device per-sae.

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn


? aditya mukadam ? wrote:
> Wow, its good to know various viewpoints about firewall. I think
> firewall is absoluetly important and can be considered one of the
> first layer of defense against common exploits which work on known
> ports. Again, it all depends how you make use of it and for that you
> need to know what you are really defending.
>
> For example:
>
> Stateful firewall perform stateful inspection of packets. ie will only
> allow internet traffic to come in to the trusted network(inside of
> firewall) if a connection/session is initiated from one of the
> pc/machines on its trusted network. So,  web initiated evil traffic
> towards the Firewall will get dropped. Mr. Firewall will fail to do
> its job  if the someone just opens email with worms/virus sitting on
> the trusted network. If its a trojan making connection from trusted
> network to internet, Mr. Firewall would not know that :-( . So, we
> would need additional security devices like IPS etc to monitor such
> traffic.
>
> So in short, firewall is important but not sufficient to protect.
>
> Please note there are higher end firewalls ( Juniper SSGs & Cisco
> ASAs) which can have integrated URL filter,IPS module in it. So, more
> the $$$ firewall can be armed with more ammos to fight
> worms/trojans/viruses/attacks etc :-))
>
> Thanks,
> Adi
>
> On Wed, Jul 9, 2008 at 8:30 PM, Adriel Desautels <adriel () netragard com> wrote:
> > Ansgar,
> >        You can not bullet proof a computer system by using a firewall even
> > if you block all traffic to and from that system. In most configurations
> > firewalls block inbound connection attempts to *internal* systems, while
> > they permit outbound attempts from those systems.
> >
> >        It is my opinion that firewalls are not security devices as much as
> > they are traffic shaping devices. Their job is to control network
> > connections and the flow of traffic, not to ensure that something can't be
> > hacked.
> >
> > Regards,
> >        Adriel T. Desautels
> >        Chief Technology Officer
> >        Netragard, LLC.
> >        Office : 617-934-0269
> >        Mobile : 617-633-3821
> >        http://www.linkedin.com/pub/1/118/a45
> >
> >        Join the Netragard, LLC. Linked In Group:
> >        http://www.linkedin.com/e/gis/48683/0B98E1705142
> >
> > ---------------------------------------------------------------
> > Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> > Penetration Testing, Vulnerability Assessments, Website Security
> >
> > Netragard Whitepaper Downloads:
> > -------------------------------
> > Choosing the right provider : http://tinyurl.com/2ahk3j
> > Three Things you must know  : http://tinyurl.com/26pjsn
> >
> >
> > Ansgar -59cobalt- Wiechers wrote:
> > > On 2008-07-08 Weir, Jason wrote:
> > > > Quote of the day....
> > > > "Bullet-proofing your systems is as easy as using a firewall"
> > > >
> > > > If it was only true....
> > > It is quite true, you're just underestimating the task of maintaining a
> > > firewall.
> > >
> > > Regards
> > > Ansgar Wiechers