Re: what should I do when....

[Adriel Desautels <adriel () netragard com>]

William,
	I can't agree with you more that no single tool protects enough. That 
said, I don't know why people started saying that they use "all the 
tools", that in and of its self would be a mess. What tools people are 
actually using would make an interesting conversation though. ;]

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn


William Mohney wrote:
> No one tool protects "enough".  That's why we use all the tools.
>
> Bill  
>
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> On Behalf Of Adriel Desautels
> Sent: Friday, July 11, 2008 9:14 AM
> To: Ansgar -59cobalt- Wiechers
> Cc: security-basics () securityfocus com
> Subject: Re: what should I do when....
>
> Ansgar,
>         You are right, I am wrong. A firewall is not a traffic shaping
> device 
> and I was using the wrong terminology (which doesn't happen very often, 
> but its somewhat refreshing when it does and I'm corrected).
>
>         I do stand by my *opinion* that a firewall is not a security
> device but 
> is a traffic control device. My opinion can be contradicted as the 
> definition of security is to protect from harm, and firewalls do protect
>
> some systems from harm. That is not enough to make me change my mind 
> though. Firewalls do not protect *enough* and are easy enough to 
> circumvent.
>
> Regards,
>         Adriel T. Desautels
>         Chief Technology Officer
>         Netragard, LLC.
>         Office : 617-934-0269
>         Mobile : 617-633-3821
>         http://www.linkedin.com/pub/1/118/a45
>
>         Join the Netragard, LLC. Linked In Group:
>         http://www.linkedin.com/e/gis/48683/0B98E1705142
>
> ---------------------------------------------------------------
> Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> Penetration Testing, Vulnerability Assessments, Website Security
>
> Netragard Whitepaper Downloads:
> -------------------------------
> Choosing the right provider : http://tinyurl.com/2ahk3j
> Three Things you must know  : http://tinyurl.com/26pjsn
>
>
> Ansgar -59cobalt- Wiechers wrote:
> > On 2008-07-10 Adriel Desautels wrote:
> > > What I said is not wrong, it is actually very accurate.
> > No.
> >
> > > Firewalls are traffic shaping devices and it is my opinion that they
> > > are not security devices. In fact, I'm not sure what you disagree
> > > with.
> > Look up the definition of "traffic shaping" (e.g. [1]). Look up the
> > definition of "firewall" (e.g. [2]). Notice the difference.
> >
> > > I said:
> > >
> > > "It is my opinion that firewalls are not security devices as much as
> > > they are traffic shaping devices. Their job is to control network
> > > connections and the flow of traffic, not to ensure that something
> > > can't be hacked."
> > >
> > > You accused me of being wrong, but then you said:
> > >
> > > "A firewall is the implementation of a concept of what kind of
> traffic 
> > > you want to allow or disallow between any two given networks."
> > >
> > > Isn't that what I said?
> > No.
> >
> > > You are in fact shaping traffic by controlling what goes in and out.
> I
> > > suppose my use of the term "Traffic Shaping" could be argued.
> > No.
> >
> > Firewalls accept or deny access based on their ruleset. Traffic
> shaping
> > devices don't decide whether to accept or deny anything, but modify
> > packet rates in order to optimize network performance and/or bandwidth
> > usage. Two entirely different concepts, using different means to
> achieve
> > different ends.
> >
> > > I do think that firewalls can be used to enforce certain policies
> that
> > > are security oriented, but firewalls are not in my opinion security
> > > devices.
> > Then your opinion is wrong. Plain and simple.
> >
> > The decision what you want to allow or disallow into or out of your
> > network is by any means a security decision. Firewalls implement and
> > enforce this decision on a technical level and therefore are by
> > definition security devices.
> >
> > [1] http://en.wikipedia.org/wiki/Traffic_shaping
> > [2] http://en.wikipedia.org/wiki/Firewall
> >
> > Regards
> > Ansgar Wiechers