Re: Firewall Primitives

[Predrag Zivic <pzivic () yahoo com>]

> The fact that there are HUGE numbers of new
> protocols and
> many of them are designed by idiots, poorly
> documented, and
> proprietary makes packet-filtering firewalls nearly
> a
> necesssity. It's why (in the early days) CheckPoint
> did
> so well: you could let some braindamaged cruft
> through a
> checkpoint more easily than through a proxy
> firewall.
> Note: I said "let through" not "secure" - though
> there
> were people who felt that going and telling a
> firewall
> "let Oracle back and forth on port XYZ" meant that
> the firewall was somehow "securing Oracle." 
> Fortunately
> Oracle is now unbreakable...
Hey, I would add PIX to the exact same group. It is
the quickest firewall out there, since it does let
through everytihing:-)) Marcus, you are exactly on the
spot with protocols and security. 
Well, I think that in the next two years, morronic
stuff like "secure filtering" and "Six As of Security"
will die down as people become more educated, or am I
just dreaming...
It is upon us to fight with "we secure everything"
marketing claims; or are we going to be a group of Don
Quihotes...

pez


__________________________________________________
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
http://launch.yahoo.com/u2
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards