Re: [fw-wiz] Firewall rules order and performance



On Mon, Jul 27, 2009 at 1:21 AM, Jean-Denis Gorin<jdgorin@xxxxxxxxxxxx> wrote:
Who remember that firewalls (as application gateways) was designed to solve (or
to ease a lot) the patch management problem?
Now, we are back to patch management as the solution for all problems because
dumb people (managers, marketers, buyers, system admins, network admins,
developers, or whatever fit your situation) are unable (or unwilling) to
understand what is a firewall, and what is it due for...

Part of the problem with your argument is that in order for e,g, a web
server to be reached, port 80 (and maybe port 443) have to be allowed
through the firewall. That fact alone means that the webservers have
to be patched, because as long as the firewall is allowing legitimate
traffic through, it could also be allowing malicious traffic
through...

--
Eric
http://nixwizard.net
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: [fw-wiz] Firewall rules order and performance
    ... we are back to patch management as the solution for all problems ... unwilling) to understand what is a firewall, and what is it due for... ... told you that a "stateful packet inspection" thing is a firewall, ... A firewall is layer 7 proxy (also known as application gateway). ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Firewall rules order and performance
    ... good firewall has a DNS proxy and denies malformed packets, ... set to filter out 'nsupdate' type packets. ... we are back to patch management as the solution for all problems ... understand what is a firewall, and what is it due for... ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Firewall rules order and performance
    ... Only if your "firewall" is a lowly stateful inspection packet filter, ... we are back to patch management as the solution for all problems ...
    (Firewall-Wizards)