Re: are firewalls limited to only protecting ehternet connections?

["Steven M. Bellovin" <smb () research att com>]

In message <000001bdf148$b1086a60$0b6fe2a5 () Pent266 BITCOMM com>, "KirkAdams" wr

> One reason I see this as important is for the impending "streaming video"
> market that will be implemented. Basically the new "BlockBusters". Some
> video servers claim 20,000 concurrent 1 Meg video streams capability. So ...
> where do the switches come from to handle that. I've heard quotes of
> blah,blah gig backplanes, since I was checking on this myself and I raised
> the security question, (without any answers I might add). Since these
> services are likely to be prime targets of BOTH the super hacks and the
> existing cable thieves a good firewall would be REALLY important.
>
> OK, guys. That's the market potential. Any suggestions on something that'll
> handle it?

Yah -- no firewall at all.

I'm perfectly serious.  Why should a video server need a firewall?
You install firewalls to protect services -- ports -- that can't protect
themselves.  Video servers are not general-purpose computers.  They
don't need to run sendmail, they don't have regular users who pick
guessable passwords, etc.  Taken to the limit, such a beast needs to
listen on exactly two ports, and talk on one -- it needs to hear requests
(probably from the Web server the customer is talking to), and it needs
an administrative access port.  It's no trick to design those services to
(a) use cryptographic authentication, and/or (b) to be on a physically
different wire than the video output.