Re: what should I do when....

William,
I can't agree with you more that no single tool protects enough. That said, I don't know why people started saying that they use "all the tools", that in and of its self would be a mess. What tools people are actually using would make an interesting conversation though. ;]

Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45

Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn


William Mohney wrote:
No one tool protects "enough". That's why we use all the tools.

Bill


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Adriel Desautels
Sent: Friday, July 11, 2008 9:14 AM
To: Ansgar -59cobalt- Wiechers
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: what should I do when....

Ansgar,
You are right, I am wrong. A firewall is not a traffic shaping
device and I was using the wrong terminology (which doesn't happen very often, but its somewhat refreshing when it does and I'm corrected).

I do stand by my *opinion* that a firewall is not a security
device but is a traffic control device. My opinion can be contradicted as the definition of security is to protect from harm, and firewalls do protect

some systems from harm. That is not enough to make me change my mind though. Firewalls do not protect *enough* and are easy enough to circumvent.

Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45

Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn


Ansgar -59cobalt- Wiechers wrote:
On 2008-07-10 Adriel Desautels wrote:
What I said is not wrong, it is actually very accurate.
No.

Firewalls are traffic shaping devices and it is my opinion that they
are not security devices. In fact, I'm not sure what you disagree
with.
Look up the definition of "traffic shaping" (e.g. [1]). Look up the
definition of "firewall" (e.g. [2]). Notice the difference.

I said:

"It is my opinion that firewalls are not security devices as much as
they are traffic shaping devices. Their job is to control network
connections and the flow of traffic, not to ensure that something
can't be hacked."

You accused me of being wrong, but then you said:

"A firewall is the implementation of a concept of what kind of
traffic
you want to allow or disallow between any two given networks."

Isn't that what I said?
No.

You are in fact shaping traffic by controlling what goes in and out.
I
suppose my use of the term "Traffic Shaping" could be argued.
No.

Firewalls accept or deny access based on their ruleset. Traffic
shaping
devices don't decide whether to accept or deny anything, but modify
packet rates in order to optimize network performance and/or bandwidth
usage. Two entirely different concepts, using different means to
achieve
different ends.

I do think that firewalls can be used to enforce certain policies
that
are security oriented, but firewalls are not in my opinion security
devices.
Then your opinion is wrong. Plain and simple.

The decision what you want to allow or disallow into or out of your
network is by any means a security decision. Firewalls implement and
enforce this decision on a technical level and therefore are by
definition security devices.

[1] http://en.wikipedia.org/wiki/Traffic_shaping
[2] http://en.wikipedia.org/wiki/Firewall

Regards
Ansgar Wiechers

Relevant Pages

  • RE: what should I do when....
    ... I do stand by my *opinion* that a firewall is not a security ... definition of security is to protect from harm, ... Firewalls do not protect *enough* and are easy enough to ... "It is my opinion that firewalls are not security devices as much as ...
    (Security-Basics)
  • Re: what should I do when....
    ... "It is my opinion that firewalls are not security devices as much as ... suppose my use of the term "Traffic Shaping" could be argued. ... Firewalls accept or deny access based on their ruleset. ...
    (Security-Basics)
  • Re: what should I do when....
    ... Firewalls are traffic shaping devices and it is my opinion that they are not security devices. ...
    (Security-Basics)
  • RE: [fw-wiz] Firewalls v. Router ACLs
    ... So thousands of ACL logs per second can ratchet your processor ... CheckPoint AI and NG have far superior higher level packet inspection ... am I using these firewalls to protect against ...
    (Firewall-Wizards)
  • [Full-Disclosure] Re: Pudent default security - Was: CyberInsecurity: The cost of Monopoly
    ... W2K and XP both have firewalls capable of blocking ports. ... local policy, IDS) under one roof and implement unified policies, ... Manage multiple group policies easily, ... protect the clueless and their data. ...
    (Full-Disclosure)