[fw-wiz] Layer 2 firewalls ...

From: Andrew K. Adams (akadams_at_psc.edu)
Date: 08/29/05

    To: firewall-wizards@honor.icsalabs.com
    Date: Mon, 29 Aug 2005 14:26:02 -0400

    Is anyone aware of any *disadvantages* of layer 2 firewalls?

    Current marketing seems to be pushing layer 2 firewalls mostly, as far as I
    can tell, to reduce the possibility of the device being compromised (no IP
    address). And it seems to me that any network using a medium of Ethernet
    could (and should?) be doing this, unless, of course, they needed the device
    to perform layer 3 or 4 utility (e.g., NAT), additionally.

    I readily admit that I don't possess "link layer" expertise, and thus, I
    suspect that I must be missing something further, if layer 2 firewalls are
    indeed a trade-off.



    Andrew K. Adams
    Pittsburgh GigaPoP & Network Research Group
    Pittsburgh Supercomputing Center      Office: 306-A Mellon Institute
    Carnegie Mellon University            Phone:  (412) 268-5142
    4400 Fifth Ave.                       Fax:    (412) 268-8200
    Pittsburgh, PA 15213                  WWW:    http://www.psc.edu/~akadams/
           D3 FA 7D 61 FD ED BD D9  0C DE 94 DB 0F 25 D0 2E
    firewall-wizards mailing list
