Re: [fw-wiz] Proxies, opensource and the general market: what's wrong with us?



On 2011-04-26 09:25, Tracy Reed wrote:
Yes. Here we have a problem somewhat like the classical meaning of "hacker" vs
the common meaning of "hacker". And this firewall vs packet filter debate may
not even have that much legitimacy. I can find a number of people who still
subscribe to the classical idea of a hacker but a few of the denizens of this
mailing list are the only ones I know of who insist on issuing a correction
when someone calls a packet filter a firewall. It just seems like pointless
snobbery.

But it is not. Network perimeter defence is an industry seriously hit by marketing bullshit from some vendors, who could not come out with a decent firewall, so redefined the term to be applicable to their products.
Doing this they came out with a definition which goes against basic security principles and empties the meaning of the word to the extent which makes nearly pointless to have "firewalls".
This led to a state of affairs where there is practically no discussion about a lot of important questions of network perimeter defense, because the majority of the "firewall" people are kept in a darkness about the issue to the extent that they do not have the background even to ask the right questions.
This means that even though those same vendors now would be in the position to implement actually meaningful features, they do not do it because they have conditioned their consumers to not think about such things.

When you see someone trying to correct this "firewall = packet filter" nonsense, you actually see a vain attempt to correct these mistakes. Because the first step is to meaningfully discuss something is to have meaningful definitions.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: [fw-wiz] Proxies, opensource and the general market: whats wrong with us?
    ... Yes, separation of security controls from operation is a good practice, but you ... Yes, there are still some possible minor functionality losses and other problems, but honestly I have seen complex firewall setups which would have been achieved better with some routers. ... I don't like to argue about words, because they are just labels, and if there is an agreement on the meaning of the label, it is utterly unimportant how the label looks like. ... This is why it would have been totally perfect to define "firewall" as packet filter at the beginning. ...
    (Firewall-Wizards)
  • Re: [fw-wiz] =?utf-8?q?Proxies=2C_opensource_and_the_general_market?= =?utf-8?q?=3A_what
    ... > Linux firewall code. ... the common meaning of "hacker". ... And this firewall vs packet filter debate may ...
    (Firewall-Wizards)
  • a hacker using remote access?
    ... Some hacking softwares can find ... >the modem must have a internal firewall and you should ... >up does not metter) and they can acsess your pc. ... that means if any hacker acsess your ...
    (microsoft.public.windowsxp.security_admin)
  • Re: I am happy with XP:s integreted firewall!
    ... I still don't know whether to use external firewall or not. ... >> hacker has matching client for it such as Sub Seven client/server. ... > other systems as compromised home systems since mostly home users don't ...
    (comp.security.firewalls)
  • Re: Virtual Private Network - Beware its a Hackers Secret
    ... So checking for open ports no matter ... The reason for this is because a malicious hacker ... If _you_ did a tiny bit of work, you'd install a Firewall to keep people out, ...
    (comp.security.firewalls)