Re: Firewalls

From: Don Kelloway (dkelloway_at_commodon.com)
Date: 08/05/03


Date: Tue, 05 Aug 2003 19:35:09 GMT


"Leythos" <void@nowhere.com> wrote in message
news:MPG.1996e382afc4a0f3989b30@news-server.columbus.rr.com...
> In article <CSXWa.4723$WM4.2208@newsread1.news.atl.earthlink.net>,
> dkelloway@commodon.com says...
> [snip]
> > In respect to the BEFSR41 providing NAT and the implementation of NAT
> > preventing/restricting access between the Internet and the internal
> > PC/network. Then I think one must concede that the BEFSR41 *is* a
> > firewall in the sense that it meets the above definition.
>
> I completely disagree. If being a router was being a firewall then why
> didn't they call routers firewalls before the days of the cheap
> Linksys/DLink boxes (hint, it's because they are not firewall devices).
>
> Having a single feature of a firewall does NOT make it a firewall. The
> device does NOT inspect the packets and does not have rules for
> OUTBOUND.
>
> > To provide an answer to the expected question of whether I would rely
> > upon a BEFSR41 to protect my own LAN? Probably not, but of course I
> > have needs that the use of a BEFSR41 cannot meet. However if my needs
> > were minimal and my expectations could be met, I would consider its use.
>
> For minimal protection, the bare minimum that a home user would need, a
> NAT Router is a great device and would stop most of the hacks and such.
> Security through obscurity doesn't work, but it does help a lot.
>
> The NAT Routers were called firewall devices by moronic sales
> departments trying to find a way to sell more of them to customers.
> While I fully believe that every home user should sit behind a NAT
> device (even on dial-up) I will never be convinced that NAT makes any
> device a firewall.
>
> The firewall must inspect traffic in BOTH directions, and should, by
> default, not allow traffic in EITHER direction without explicit rules.
> The NAT only boxes fail both of these tests.
> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)

Leythos,

Based upon the definition previously provided, a 'firewall' can be
anything. And while you may not agree, this would mean that a router
can be considered a 'firewall' in the sense that it can be configured to
provide restriction. Granted the level of restriction is simplistic if
it's compared to the proliferation of firewall technology available
today, but this doesn't mean that a router cannot be considered a
'firewall'. In fact there are many organizations that still use a
router as their only 'firewall' or as a complement to an existing
firewall device.

In closing, please understand that I respect your opinion and wouldn't
expect you to readily agree. However it would be nice if you consider
reading 'Building Internet Firewalls', published by O'Reilly. While
strongly oriented towards Unix, it is platform-independent and often
considered one of the best books available to discuss this subject of
firewalls. Chapter one is entitled 'What is an Internet Firewall' and
provides the basis upon which my above comments and opinion are
based.

-- 
Best regards,
Don Kelloway
Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".

