Firewall Wizards mailing list archives

Re: Proxies, opensource and the general market: what's wrong with us?


From: David Lang <david () lang hm>
Date: Wed, 27 Apr 2011 13:59:11 -0700

On Tue, 26 Apr 2011 00:25:37 -0700, Tracy Reed wrote:

I understand packet filters and proxies to be firewalls. A lot of the rest of the stuff (DLP, endpoint discovery, OCR, etc. etc.) seem like separate pieces of software. Security related, sure, but not firewalls.

> Depends on what you mean by "real". I know tons of people look at the
> Linux firewall code.

You mean packet filter code? :-)

Yes. Here we have a problem somewhat like the classical meaning of "hacker" vs the common meaning of "hacker". And this firewall vs packet filter debate may not even have that much legitimacy. I can find a number of people who still subscribe to the classical idea of a hacker but a few of the denizens of this mailing list are the only ones I know of who insist on issuing a correction when someone calls a packet filter a firewall. It just seems like pointless snobbery.

however, this issue is key to the problem

I don't object to a packet filter being defined as a firewall.

however I do object when people define packet filter == firewall and say that anything other than packet filters is not a firewall (and doesn't belong as part of a firewall), but is instead something else.

A firewall is a device that controls access through it.

or

A firewall is a device or software that you use to implement your security policy.

this can be via packet filters, proxies, IPS, or anything else.

don't try to define it more narrowly. a few of the big vendors have done the industry a HUGE disservice by redefining the term 'firewall' to mean a packet filter, and nothing but a packet filter.

David Lang

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

