Re: [fw-wiz] Firewalls Compared

From: ArkanoiD (ark_at_eltex.net)
Date: 06/29/04

Next message: Ng Pheng Siong: "Re: [fw-wiz] FreeBSD 4.9 ipfw natd -- Port Forwarding"

Previous message: Anton Alin-Adrian: "Re: [fw-wiz] FreeBSD 4.9 ipfw natd -- Port Forwarding"
Maybe in reply to: kashif: "[fw-wiz] Firewalls Compared"
Next in thread: Stiennon,Richard: "RE: [fw-wiz] Firewalls Compared"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Eugene Kuznetsov <eugene@datapower.com>
Date: Tue, 29 Jun 2004 03:15:42 +0400

nuqneH,

I doubt those people are "normal". Application layer firewalls
are on the scene for many years, so who cares about morons ignoring it?
;-)

The thing you described is packet filter, a vital component of any firewall,
but definitely not the whole firewall itself.

On Mon, Jun 28, 2004 at 07:08:42PM -0400, Eugene Kuznetsov wrote:
> > With the increasing focus on application layer attacks, the day
> > of packet-filters even being termed "firewalls" is pretty much over.
> > Packet filters were barely firewalls to begin with, but today, the
> > fight's mostly up in Layer 7 where they have no value.
>
> Hmm, I do not think that "firewall" is the right term for devices that
> operate at layer 7 or "layer 8". Not on grounds of technical correctness,
> but of common usage. If a big challenge for making a more secure world is
> information and education about threats and best practices, the term
> "firewall" does more harm than good. One man's application firewall is
> another woman's application proxy and someone else's packet filter.
>
> In my experience, what most normal people mean by "firewall" is a box that
> does not do any TCP termination or deep inspection, but instead simply
> allows and disallows connections at certain IP ports. That box may be
> capable of doing more, but usually that capability is not being used.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Ng Pheng Siong: "Re: [fw-wiz] FreeBSD 4.9 ipfw natd -- Port Forwarding"

Previous message: Anton Alin-Adrian: "Re: [fw-wiz] FreeBSD 4.9 ipfw natd -- Port Forwarding"
Maybe in reply to: kashif: "[fw-wiz] Firewalls Compared"
Next in thread: Stiennon,Richard: "RE: [fw-wiz] Firewalls Compared"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: [Full-Disclosure] Firewalls
... why are you buying application layer firewalls? ... but please please start taking ya firewalls of your own ... > Personal Firewall/Internet Security. ... > I used Tiny Personal Firewall 1.x before they were ...
(Full-Disclosure)
Re: [Full-Disclosure] Firewalls
... app-level firewalls. ... I use and recommend Kerio as well here at work. ... > why are you buying application layer firewalls? ...
(Full-Disclosure)
Re: Types of firewall...
... > I'm currently working on a firewalls project as part of my degree. ... Static packet filter ... > 2.1 Circuit level proxy ... Packet filtering bridges are firewalls, and even network firewalls, ...
(comp.security.firewalls)
Re: Application Firewall
... Apache with mod_security setup as a reverse proxy is quite good. ... the ASA is a packet filter only firewall. ... Application proxy firewalls do give you some additional protection over ...
(Security-Basics)
Re: Comodo ?
... firewalls do not provide 100% protection means they're worthless. ... Microsoft switches on for you. ... Or you can use a packet filter. ... If the "Personal Firewalls" I had to see would not have so many security ...
(comp.security.firewalls)