Security Basics mailing list archives

Re: Host-Base Firewall


From: krymson () gmail com
Date: 30 May 2008 13:01:31 -0000

So, are you saying that because firewalls can't make every perfect decision, they do not equal security? I wonder, do 
they add any value to you at all? What if they do DPI and make smarter decisions?

So if security cannot be found in hardware, does that mean a fancy door lock, card/biometric authentication, and 
mantrap have no value?

Personally, I find value in firewalls. Sure, the security they offer is not perfect, but that doesn't discount them as 
being a part of a solid security regimen. In fact, while there are journalists and other part-time ITers who regularly 
call out about the widening or diminishing perimeters, there is still a definite need to separate networks of different 
trust levels to some degree or other.



I know there will be some here that can smell the straw for the hay in the above, but such a tactic can be useful to 
find the boundaries.


<- snip ->
All,
Firewalls are packet control devices. They do little more than control 
the flow of traffic into and out of your network. Some of them contain 
"defensive" capabilities such as IPS. Those defenses make decisions 
based on the nature of the traffic. Those decisions aren't as accurate 
as they should be because the very medium from which they are forming 
"opinions" is flawed. Traffic can be spoofed/forged/manipulated, so how 
can one trust it?

Security is more of a process than anything else. It is enforced by 
policies, procedures, and the people using technology. Security cannot 
be found via hardware. This is a bit philosophical, but I can back this 
up if anyone doesn't understand my perspective.

Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.

