Re: [fw-wiz] The Death Of A Firewall
From: Pedski (pedski_at_optonline.net)
To: James Paterson <email@example.com> Date: Mon, 17 Oct 2005 21:30:12 -0400
James Paterson wrote:
>Be interesting to get the communities take on this article.
>firewall-wizards mailing list
This is a model that has holes...
router acl are not statefull.
they seem to have some secutiy by means of DMZ
the managemnt overhead of this is high..sometimes is not that easy
deploying patches if the vulnerabilty came in the night...meaning if you
are blocking everything with a firewall you bought yourself some
time....in this case they are open ...the term raise their immunity to
exists in hashers condition sounds really nice...but often attacks or
worms come like a thief in the night......
there is something flawed with this architecture.
firewall-wizards mailing list