Re: [fw-wiz] Firewall rules order and performance
- From: Eric Gearhart <eric@xxxxxxxxxxxxx>
- Date: Tue, 28 Jul 2009 14:06:24 -0700
On Mon, Jul 27, 2009 at 1:21 AM, Jean-Denis Gorin<jdgorin@xxxxxxxxxxxx> wrote:
Who remember that firewalls (as application gateways) was designed to solve (or
to ease a lot) the patch management problem?
Now, we are back to patch management as the solution for all problems because
dumb people (managers, marketers, buyers, system admins, network admins,
developers, or whatever fit your situation) are unable (or unwilling) to
understand what is a firewall, and what is it due for...
Part of the problem with your argument is that in order for e,g, a web
server to be reached, port 80 (and maybe port 443) have to be allowed
through the firewall. That fact alone means that the webservers have
to be patched, because as long as the firewall is allowing legitimate
traffic through, it could also be allowing malicious traffic
firewall-wizards mailing list