Firewall Wizards mailing list archives
Re: Evolution of Firewalls
From: Frederick M Avolio <fred () avolio com>
Date: Sun, 07 Mar 2004 20:48:12 -0500
At 11:56 PM 3/4/2004 +0800, skpoo () pacific net sg wrote:
... Our team is currently debating if Stateful Deep Inspection firewall is going be the new technology to replace the Application Proxies firewall which deem to be most secure currently. ...
At the risk of being obvious -- or worse, being called a dinosaur :-), It depends. Do you care more about usability or security? When push comes to shove is it more important to never stop a connection at the risk of the possibility of something bad slipping through? It really is as simple as that. I tell people in one of my classes, you hear about it if you misconfigure your firewall to reject a required action, but will rarely hear about if if you allow too much through. (I stated it as "You always hear about conservative errors but rarely about liberal ones," but that could be taken wrong now-a-days.)
Fred _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Evolution of Firewalls skpoo (Mar 07)
- <Possible follow-ups>
- Re: Evolution of Firewalls Frederick M Avolio (Mar 07)
- Re: Evolution of Firewalls Dave Piscitello (Mar 08)
- Re: Evolution of Firewalls Frederick M Avolio (Mar 08)
- Re: Evolution of Firewalls Dave Piscitello (Mar 09)
- Re: Evolution of Firewalls Frederick M Avolio (Mar 09)
- Re: Evolution of Firewalls Christian Kreibich (Mar 11)
- Re: Evolution of Firewalls Dave Piscitello (Mar 08)
- Re: Evolution of Firewalls ArkanoiD (Mar 09)
- Re: Evolution of Firewalls Patrick M. Hausen (Mar 11)
- Re: Evolution of Firewalls Mikael Olsson (Mar 11)
- Message not available
- Re: Evolution of Firewalls ArkanoiD (Mar 11)
- vpn end-point Shimon Silberschlag (Mar 18)