Firewall Wizards mailing list archives
Re: Phrack #60: "Java tears down the Firewall"
From: Kevin Steves <stevesk () pobox com>
Date: Fri, 10 Jan 2003 15:41:50 -0800
On Tue, Jan 07, 2003 at 11:55:24PM +0100, Mikael Olsson wrote:
of attacks I can think of. Packet filtering routers are not in this category. Most of the firewalls are also not in this category, but firewalls in theory could be, while packet filters couldn't. (The last part is the old proxy/packet filter flamewar. Sorry about that.)

Ah, here's where we differ in opinion. To me, a firewall is just something that implements my security policy. Now, if my security policy is "I want a red rotating light and a klaxon to go off whenever there's inbound traffic", this light and klaxon (and sensor) would be my firewall. (And I _still_ want to try and get that device certified according to EAL7 darnit! Anyone here want to front me $50K? :))

Seriously though, the "collection of systems" thinking goes deep with me. My favourite design is centered around a small enough to be trusted SPF and has "helper" proxies around it (NOT! on the same box!). For high-security scenarios, I wouldn't let much (any?) traffic between trusted and untrusted networks pass only through the SPF - it'd have to pass through one or more of the helper proxies.
i do agree with the terminology. a firewall is really any perimeter protection mechanism, or more accurately the sum of those mechanisms. i tend to use "firewall system" to mean the sum of the components.

5-6 years ago i was giving a technical sales presentation on HP's VirtualVault product, and i described it as a type of hybrid firewall. the firewall admin at the company jumps up and says "that's not a firewall". so i gave him my definition and asked what his was. it turns out that he didn't consider something a firewall unless it was a gateway with the TIS firewall toolkit. i think that's when i started using the term "terminology handshake".

i see someone is mirroring one of my old presentations where i refer to that:

http://gmaster.users.ch/DocTech/Securite/SecuriteHPThePsychologyofTesting.pdf

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards