Firewall Wizards mailing list archives
Re: Firewalls that generate new packets..
From: "Patrick M. Hausen" <hausen () punkt de>
Date: Thu, 29 Nov 2007 09:19:44 +0100
Hi, Darren,
So what you're really comparing is the default configuration of packet based firewalls with proxy based firewalls.
Well, yes. When engaged in selling Secure Computing gear, I always put an emphasis on the "more reasonable default configuration" and the fact that it's more complicated if not impossible to do something stupid by accident. I also take my time to carefully explain the concept of egress filtering.

E.g. does PIX still have these implied rules that say: if I configure port X from here to there, this automatically implies the same access to all interfaces with a lower security level than 'there'? This is the case in 6.x - now, whoever at Cisco came up with this concept should be shot. I have not looked at 7.x or ASA, yet.

Kind regards,
Patrick M. Hausen
Head of Networks and Security

P.S. I know that PIX access lists do not implement stupid things like the above, but PIX Device Manager does. Now, which is a customer with limited time and knowledge more likely to use?

--
punkt.de GmbH * Vorholzstr. 25 * 76137 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info () punkt de http://www.punkt.de
Gf: Jürgen Egeling AG Mannheim 108285