Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: what should I do when....

From: Adriel Desautels <adriel () netragard com>
Date: Thu, 10 Jul 2008 11:12:53 -0400
Ansgar,
What I said is not wrong, it is actually very accurate. Firewalls are traffic shaping devices and it is my opinion that they are not security devices. In fact, I'm not sure what you disagree with. 

        I said:

"It is my opinion that firewalls are not security devices as much as
they are traffic shaping devices. Their job is to control network
connections and the flow of traffic, not to ensure that something
can't be hacked."

You accused me of being wrong, but then you said:
"A firewall is the implementation of a concept of what kind of traffic you want to allow or disallow between any two given networks."
Isn't that what I said? You are in fact shaping traffic by controlling what goes in and out. I suppose my use of the term "Traffic Shaping" could be argued.
I do think that firewalls can be used to enforce certain policies that are security oriented, but firewalls are not in my opinion security devices. 

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn


Ansgar -59cobalt- Wiechers wrote:

On 2008-07-09 Adriel Desautels wrote:

        You can not bullet proof a computer system by using a firewall even if
        you block all traffic to and from that system.


If you carefully re-read my mail you'll notice that I didn't claim
anything like that. I said that both tasks are equally difficult.


In most configurations firewalls block inbound connection attempts to
*internal* systems, while they permit outbound attempts from those
systems.

It is my opinion that firewalls are not security devices as much as
they are traffic shaping devices. Their job is to control network
connections and the flow of traffic, not to ensure that something
can't be hacked.


That's just plain wrong. Even if you think of firewalls as mere packet
filtering devices they still control which connections may or may not be
established inbound and/or outbound. That is most certainly a security
feature.

However, firewalls are not limited to being mere packet filters. A
firewall is the implementation of a concept of what kind of traffic you
want to allow or disallow between any two given networks. On top of
packet filters a firewall may include DMZs, proxies (for application
layer filtering), virus scanners, VPN endpoints, and various other
measures.

Regards
Ansgar Wiechers
Previous By Date Next
Previous By Thread Next

Current thread: