Re: what should I do when....

[Adriel Desautels <adriel () netragard com>]

Great,
        You must be using the right one then.

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn


William Mohney wrote:
> I can't argue with "simple, clean, and well managed".  But the Firewall
> is one of the simple tools I use.
>
> Bill  
>
>
> -----Original Message-----
> From: Adriel Desautels [mailto:adriel () netragard com] 
> Sent: Friday, July 11, 2008 2:35 PM
> To: William Mohney
> Cc: Ansgar -59cobalt- Wiechers; security-basics () securityfocus com
> Subject: Re: what should I do when....
>
> What about not using all the tools and only using the ones you need in a
>
> simple, clean, and well managed configuration?   ;]
>
> Regards,
>         Adriel T. Desautels
>         Chief Technology Officer
>         Netragard, LLC.
>         Office : 617-934-0269
>         Mobile : 617-633-3821
>         http://www.linkedin.com/pub/1/118/a45
>
>         Join the Netragard, LLC. Linked In Group:
>         http://www.linkedin.com/e/gis/48683/0B98E1705142
>
> ---------------------------------------------------------------
> Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> Penetration Testing, Vulnerability Assessments, Website Security
>
> Netragard Whitepaper Downloads:
> -------------------------------
> Choosing the right provider : http://tinyurl.com/2ahk3j Three Things you
> must know  : http://tinyurl.com/26pjsn
>
>
> William Mohney wrote:
> > No one tool protects "enough".  That's why we use all the tools.
> >
> > Bill
> >
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com 
> > [mailto:listbounce () securityfocus com]
> > On Behalf Of Adriel Desautels
> > Sent: Friday, July 11, 2008 9:14 AM
> > To: Ansgar -59cobalt- Wiechers
> > Cc: security-basics () securityfocus com
> > Subject: Re: what should I do when....
> >
> > Ansgar,
> >         You are right, I am wrong. A firewall is not a traffic shaping
> device 
> > and I was using the wrong terminology (which doesn't happen very 
> > often, but its somewhat refreshing when it does and I'm corrected).
> >
> >         I do stand by my *opinion* that a firewall is not a security
> device 
> > but is a traffic control device. My opinion can be contradicted as the
>
> > definition of security is to protect from harm, and firewalls do 
> > protect
> >
> > some systems from harm. That is not enough to make me change my mind 
> > though. Firewalls do not protect *enough* and are easy enough to 
> > circumvent.
> >
> > Regards,
> >         Adriel T. Desautels
> >         Chief Technology Officer
> >         Netragard, LLC.
> >         Office : 617-934-0269
> >         Mobile : 617-633-3821
> >         http://www.linkedin.com/pub/1/118/a45
> >
> >         Join the Netragard, LLC. Linked In Group:
> >         http://www.linkedin.com/e/gis/48683/0B98E1705142
> >
> > ---------------------------------------------------------------
> > Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> > Penetration Testing, Vulnerability Assessments, Website Security
> >
> > Netragard Whitepaper Downloads:
> > -------------------------------
> > Choosing the right provider : http://tinyurl.com/2ahk3j Three Things 
> > you must know  : http://tinyurl.com/26pjsn
> >
> >
> > Ansgar -59cobalt- Wiechers wrote:
> > > On 2008-07-10 Adriel Desautels wrote:
> > > > What I said is not wrong, it is actually very accurate.
> > > No.
> > >
> > > > Firewalls are traffic shaping devices and it is my opinion that they
>
> > > > are not security devices. In fact, I'm not sure what you disagree 
> > > > with.
> > > Look up the definition of "traffic shaping" (e.g. [1]). Look up the 
> > > definition of "firewall" (e.g. [2]). Notice the difference.
> > >
> > > > I said:
> > > >
> > > > "It is my opinion that firewalls are not security devices as much as
>
> > > > they are traffic shaping devices. Their job is to control network 
> > > > connections and the flow of traffic, not to ensure that something 
> > > > can't be hacked."
> > > >
> > > > You accused me of being wrong, but then you said:
> > > >
> > > > "A firewall is the implementation of a concept of what kind of
> > traffic
> > > > you want to allow or disallow between any two given networks."
> > > >
> > > > Isn't that what I said?
> > > No.
> > >
> > > > You are in fact shaping traffic by controlling what goes in and out.
> > I
> > > > suppose my use of the term "Traffic Shaping" could be argued.
> > > No.
> > >
> > > Firewalls accept or deny access based on their ruleset. Traffic
> > shaping
> > > devices don't decide whether to accept or deny anything, but modify 
> > > packet rates in order to optimize network performance and/or 
> > > bandwidth usage. Two entirely different concepts, using different 
> > > means to
> > achieve
> > > different ends.
> > >
> > > > I do think that firewalls can be used to enforce certain policies
> > that
> > > > are security oriented, but firewalls are not in my opinion security 
> > > > devices.
> > > Then your opinion is wrong. Plain and simple.
> > >
> > > The decision what you want to allow or disallow into or out of your 
> > > network is by any means a security decision. Firewalls implement and 
> > > enforce this decision on a technical level and therefore are by 
> > > definition security devices.
> > >
> > > [1] http://en.wikipedia.org/wiki/Traffic_shaping
> > > [2] http://en.wikipedia.org/wiki/Firewall
> > >
> > > Regards
> > > Ansgar Wiechers