Re: How automate firewall tests

["haim [howard] roman" <roman () jct ac il>]

-------- Original Message  --------
From: jseymour () linxnet com (Jim Seymour)
To: firewall-wizards () listserv cybertrust com
Subject: Re:[fw-wiz] How automate firewall tests
Date: Wed Aug 23 17:49:46 2006

> "R. DuFresne" <dufresne () sysinfo com> wrote:
>   
> > On Fri, 18 Aug 2006, Keith A. Glass wrote:
> >     
> [snip]
>   
> > > Well. . .we packet-filter at the border routers and switches prior to the 
> > > border firewall to take some of the load off. . .but then ALL our routers
> > > are 
> > > set to packet filter as an additional security measure. . .
> > >
> > >
> > >       
> > It might amaze a number of folks to learn how uncommon this setup is these 
> > days.
> >     
> [snip]
>
> In a way it amazes me, and in a way it does not.  It amazes me in that
> it's such a logical thing to do, I'm at a loss as to understand why
> somebody wouldn't.  (I'm speaking in general terms.  I'm sure there are
> perfectly valid exceptions.)  It does not amaze me in that I've come to
> the conclusion that competence is (increasingly) a rare thing.
>
> The router needs to protect itself.  The router can also aid in the
> protection of the firewall.  The router can also take some of the load
> off the firewall.
>
>   

Like everything else, you have to plan this well.  If you end up with 
too many redundant rules on different network equipment, you give 
yourself a management headache. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Haim (Howard) Roman
Computer Center, Jerusalem College of Technology
roman () jct ac il



_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards