Re: [fw-wiz] Firewall Primitives

From: Predrag Zivic (
Date: 11/10/02

From: Predrag Zivic <>
To: "Marcus J. Ranum" <>, Mikael Olsson <>
Date: Sun Nov 10 18:29:19 2002

> The fact that there are HUGE numbers of new
> protocols and
> many of them are designed by idiots, poorly
> documented, and
> proprietary makes packet-filtering firewalls nearly
> a
> necesssity. It's why (in the early days) CheckPoint
> did
> so well: you could let some braindamaged cruft
> through a
> checkpoint more easily than through a proxy
> firewall.
> Note: I said "let through" not "secure" - though
> there
> were people who felt that going and telling a
> firewall
> "let Oracle back and forth on port XYZ" meant that
> the firewall was somehow "securing Oracle."
> Fortunately
> Oracle is now unbreakable...
Hey, I would add PIX to the exact same group. It is
the quickest firewall out there, since it does let
through everytihing:-)) Marcus, you are exactly on the
spot with protocols and security.
Well, I think that in the next two years, morronic
stuff like "secure filtering" and "Six As of Security"
will die down as people become more educated, or am I
just dreaming...
It is upon us to fight with "we secure everything"
marketing claims; or are we going to be a group of Don


Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos

Relevant Pages

  • Re: [fw-wiz] Firewall Primitives
    ... >to the sheer number of protocols in common use today? ... checkpoint more easily than through a proxy firewall. ... we did app logic on HTTP as well. ... As William Hugh Murray says "Connectivity trumps security ...
  • [REVS] Bypassing Client Application Protection Techniques
    ... Get your security news from a reliable source. ... protection programs. ... * Kerio Personal Firewall 4.0 ... And we got actually nothing in the field of client application ...
  • Re: Recycler security issues on IIS server
    ... > latest upates to the server. ... > like to see the server put behind our firewall, ... other software, install all patches, IISlockdown, URLscan, use the correct ... the procedures you follow may vary depending on your security needs. ...
  • Why hasnt Symantec addressed nastier Messenger spoofs
    ... Norton / Symantec has been silent on whether Norton Internet Security ... DSL firewall will stop these kinds of pop-ups. ... major ISPs and broadband systems. ...
  • Re:RE : suggestions on a good firewall
    ... Subject: RE: suggestions on a good firewall ... CheckPoint does! ... with a url-filtering server. ... IT Technical Security Officer ...