Re: [fw-wiz] Comparisons between Router ACLs and Firewalls

From: David Pick (d.m.pick_at_qmul.ac.uk)
Date: 01/02/04

    To: sd2mcleo@engmail.uwaterloo.ca
    Date: Thu, 01 Jan 2004 23:16:48 +0000
    
    

    There are several different "firewall" technologies that work
    at different layers in the protocol stack. One of these is
    "packet filtering" and router ACLs are just one particular
    implementation of this general technique. They are, in the
    real world, an important implementation because there are
    usually more routers than there are firewalls in a network
    and using this allows more control points to be used and also
    allows for more depth to your defences.

    In the network I control at my place of work we're replacing
    Cisco routers by PCs running FreeBSD and IPFilter so that we
    can have better controls at more levels in the protocol stack
    than is provided by simple ACLs.

    -- 
    	David Pick
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
