Firewall Wizards mailing list archives
Re: Antwort: Re: Antwort: Re: Facts, not Fiction
From: Bennett Todd <bet () rahul net>
Date: Mon, 10 Nov 1997 09:23:00 -0800
On Mon, Nov 10, 1997 at 05:16:55PM +0100, Hartmut.Fehling () Hamburg-Mannheimer de wrote:
How far DO YOU (all of you out there) trust the current products to do what they are supposed to do?
What they are _supposed_ to do? That's too subjective for my tastes. I trust most of the major products out there to do what they are documented to do, when the documentation is read with an understanding of the strengths and weaknesses of the implementation. I _don't_ trust them to do what their marketing claims they will do, in most cases. As mjr said, there may be bugs --- especially Denial-of-Service bugs --- in any of the major implementations, but they tend to be fixed quietly by the vendor, without a big hoopola, before they ever get exploited.
Do you cascade them with other products with a similar function to ensure that one bug doesn't open up all ports?
Almost always.
Or does everyone here at least use a combination of FW-Host + securely configured internal Router?
I do it with a securely configured external router, and the only time I don't do multiple-layered defense is when it's a tiny shop, whose budget won't support a screening router, and whose internet connection hardware can't be configured to act as one. -Bennett
Current thread:
- Antwort: Re: Antwort: Re: Facts, not Fiction Hartmut . Fehling (Nov 10)
- Re: Antwort: Re: Antwort: Re: Facts, not Fiction Bennett Todd (Nov 10)
- <Possible follow-ups>
- Re: Antwort: Re: Antwort: Re: Facts, not Fiction Peter Vaterlaus EDV-Systemberatung (Nov 12)