Firewall Wizards mailing list archives
Re: Firewalls that generate new packets..
From: Darren Reed <Darren.Reed () Sun COM>
Date: Tue, 27 Nov 2007 21:18:20 -0800
Paul Melson wrote:
... Not at all. My point is that the convenience of state tracking firewalls translates directly into savings for the companies that use them. Because without it, you must document and enforce policy for traffic on your network in both directions.
You're wrong. I suspect what you're comparing is the ease of configuration. If you're not documenting and enforcing a policy for your network traffic in both directions then I'm curious to know why you shouldn't be put in the incompetent basket. Or to put it another way, if you don't have a documented security policy then you don't have anything to enforce with the firewall, so you may as well throw the firewall away and let everyone run free! Companies that have an Internet connection without having a network security policy shouldn't be on the Internet!
State tables allow your firewall to have a deny-all default inbound policy and an allow-all default outbound policy. They allow you to assume that the Internet cannot be trusted and that your internal network can be.
I don't see how this is any different to any other firewall.
Of course these are flawed assumptions.
... I'd encourage you to do more reading, buy some books (remember those paper things?) and do more reading so that you're actually knowledgeable about the topic and thus don't need to make flawed assumptions.
Darren