Firewall Wizards mailing list archives
Re: Firewall Primitives
From: Victoria of Borg <vicofborg () myrealbox com>
Date: 04 Nov 2002 21:48:44 -0600
On Mon, 2002-11-04 at 19:24, George Capehart wrote:
> This is interesting. So, a firewall really should/could/might be a multi-layer, multi-protocol switch . . .
That would be how I read it. A firewall should be able to inspect and make access-decisions on content anywhere from the IP level all the way up to (and beyond) the application level. Anything less is an invitation to circumvention.

A firewall needs to do more than just Keep The Bad Guys Out. It also needs to make sure my own users are not trying to be bad guys too. And 'bad guy' can be anything from active hack attempts, to creative ways to get their IM working around that pesky firewall. With the ability to encapsulate protocols within other protocols, it becomes even more important that the firewall understand when that is happening. And that requires very detailed content inspection.

This is why, IMHO of course, the abstract concept of "firewall" is in reality a group of machines in most places. A packet-filtering box called a 'firewall', perhaps a connection-oriented 'firewall', one or several 'application-level gateways' (proxies, by most people's naming), and sneaky QoS configs on the router(s). All of which serves as an enforcement mechanism for the written policy.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards