Re: [fw-wiz] Firewall rules order and performance



On Mon, Jul 27, 2009 at 1:21 AM, Jean-Denis Gorin<jdgorin@xxxxxxxxxxxx> wrote:
Who remember that firewalls (as application gateways) was designed to solve (or
to ease a lot) the patch management problem?
Now, we are back to patch management as the solution for all problems because
dumb people (managers, marketers, buyers, system admins, network admins,
developers, or whatever fit your situation) are unable (or unwilling) to
understand what is a firewall, and what is it due for...

Part of the problem with your argument is that in order for e,g, a web
server to be reached, port 80 (and maybe port 443) have to be allowed
through the firewall. That fact alone means that the webservers have
to be patched, because as long as the firewall is allowing legitimate
traffic through, it could also be allowing malicious traffic
through...

--
Eric
http://nixwizard.net
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards