Firewall Wizards mailing list archives

Re: Evolution of Firewalls


From: Frederick M Avolio <fred () avolio com>
Date: Tue, 09 Mar 2004 13:41:34 -0500

At 01:26 PM 3/9/2004 -0500, Dave Piscitello wrote:
> Emphasis on "functionality" not implementation, and "inspect all things that ought to have their own port # but are now tunneled through port 80" (primarily, not exclusively). May the "don't proliferate port number assignment" gods forgive what I suggest here but I honestly don't think we make life any easier by creating one gaping hole than several dozen possibly containable ones.

Well, if we talk "functionality" we can say *functionally* a Firewall-1, a Sidewinder, and my ADSL modem are functionally the same. Distinctions are very important here.

A few months ago I moderated a panel of solution providers, in which the assertion was made that all firewalls basically just filter on IP packets. (See http://www.avolio.com/weblog/security/WhatFirewallsDo.html) I know you aren't saying that, of course, but there are security-significant differences in technology and implementation.

> Again, emphasis. I am saying that I'd rather have a competent staffer administering my stateful inspection firewall than one less competent administering my proxy.

And I say this is a false dilemma. That is *never* the choice.

f



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

