Firewall Wizards mailing list archives
Re: are firewalls limited to only protecting ehternet connections?
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 6 Oct 1998 19:23:45 -0500 (CDT)
On Tue, 6 Oct 1998, Steven M. Bellovin wrote:
In message <000001bdf148$b1086a60$0b6fe2a5 () Pent266 BITCOMM com>, "KirkAdams" wrOne reason I see this as important is for the impending "streaming video" market that will be implemented. Basically the new "BlockBusters". Some video servers claim 20,000 concurrent 1 Meg video streams capability. So ... where do the switches come from to handle that. I've heard quotes of blah,blah gig backplanes, since I was checking on this myself and I raised the security question, (without any answers I might add). Since these services are likely to be prime targets of BOTH the super hacks and the existing cable thieves a good firewall would be REALLY important. OK, guys. That's the market potential. Any suggestions on something that'll handle it?Yah -- no firewall at all. I'm perfectly serious. Why should a video server need a firewall? You install firewalls to protect services -- ports -- that can't protect themselves. Video servers are not general-purpose computers. They don't need to run sendmail, they don't have regular users who pick guessable passwords, etc. Taken to the limit, such a beast needs to listen on exactly two ports, and talk on one -- it needs to hear requests (probably from the Web server the customer is talking to), and it needs an administrative access port. It's no trick to design those services to (a) use cryptographic authentication, and/or (b) to be on a physically different wire than the video output.
Ahh, but still, this presumes that the video server is *only* a video server, and such is not the trend on the net. The trend is to toss in everything, perhaps distribute it to a number of machines dedicated to a speciafic service or two, yet, clump all services from the ISP/net serving the users. And pipes are getting larger... Thanks, Ron Dufresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too!
Current thread:
- Re: are firewalls limited to only protecting ehternet connections? Darren Reed (Oct 01)
- RE: are firewalls limited to only protecting ehternet connections? KirkAdams (Oct 06)
- Re: are firewalls limited to only protecting ehternet connections? Darren Reed (Oct 13)
- <Possible follow-ups>
- Re: are firewalls limited to only protecting ehternet connections? Steven M. Bellovin (Oct 07)
- Re: are firewalls limited to only protecting ehternet connections? R. DuFresne (Oct 07)
- Re: are firewalls limited to only protecting ehternet connections? ICMan (Oct 09)
- Re: are firewalls limited to only protecting ehternet connections? Steven M. Bellovin (Oct 07)
- Re: are firewalls limited to only protecting ehternet connections? Steven M. Bellovin (Oct 09)
- RE: are firewalls limited to only protecting ehternet connections? KirkAdams (Oct 06)