Re: [fw-wiz] Firewall Primitives

From: Predrag Zivic (pzivic@yahoo.com)
Date: 11/10/02


From: Predrag Zivic <pzivic@yahoo.com>
To: "Marcus J. Ranum" <mjr@ranum.com>, Mikael Olsson <mikael.olsson@clavister.com>
Date: Sun Nov 10 18:29:19 2002


> The fact that there are HUGE numbers of new protocols and
> many of them are designed by idiots, poorly documented, and
> proprietary makes packet-filtering firewalls nearly a
> necessity. It's why (in the early days) CheckPoint did
> so well: you could let some braindamaged cruft through a
> checkpoint more easily than through a proxy firewall.
> Note: I said "let through" not "secure" - though there
> were people who felt that going and telling a firewall
> "let Oracle back and forth on port XYZ" meant that
> the firewall was somehow "securing Oracle." Fortunately
> Oracle is now unbreakable...

Hey, I would add PIX to the exact same group. It is
the quickest firewall out there, since it does let
through everything :-)) Marcus, you are exactly on the
spot with protocols and security.
Well, I think that in the next two years, moronic
stuff like "secure filtering" and "Six As of Security"
will die down as people become more educated, or am I
just dreaming...
It is upon us to fight with "we secure everything"
marketing claims; or are we going to be a group of Don
Quixotes...

pez
