Re: Firewalls

From: Don Kelloway (dkelloway_at_commodon.com)
Date: 08/06/03


Date: Wed, 06 Aug 2003 00:36:56 GMT


"Leythos" <void@nowhere.com> wrote in message
news:MPG.1999fe11de589f54989b40@news-server.columbus.rr.com...
> In article <NFTXa.7094$WM4.4949@newsread1.news.atl.earthlink.net>,
> dkelloway@commodon.com says...
> [snip]
> > Leythos,
> >
> > Based upon the definition previously provided, a 'firewall' can be
> > anything. And while you may not agree, this would mean that a router
> > can be considered a 'firewall' in the sense that it can be configured to
> > provide restriction. Granted the level of restriction is simplistic if
> > it's compared to the proliferation of firewall technology available
> > today, but this doesn't mean that a router cannot be considered a
> > 'firewall'. In fact there are many organizations that still use a
> > router as their only 'firewall' or as a complement to an existing
> > firewall device.
>
> I've run across many organizations that use a simple router with NAT as
> what they seem to think is their firewall. I'll give this part to you -
> a NAT router is a firewall in one direction, but not in the outbound
> direction (strictly using a very loose definition of a firewall).
>
> > In closing, please understand that I respect your opinion and wouldn't
> > expect you to readily agree. However it would be nice if you consider
> > reading 'Building Internet Firewalls', published by O'Reilly. While
> > strongly oriented towards Unix, it is platform-independent and often
> > considered one of the best books available to discuss this subject of
> > firewalls. Chapter one is entitled 'What is an Internet Firewall' and
> > provides the basis for which my above comments and opinion are based
> > upon.
>
> Many people are writing papers on security, the above publisher is no
> exception. In the past I've found their books to be directed towards
> many levels of readers. I would expect that a book titled "Building
> Internet Firewalls" to be for the mid level network engineers.
>
> My personal choice for a firewall is the Watch Guard line of appliances
> - running on a modified version of Linux, I've installed hundreds of
> them. I've also installed PIX, Sonic, and Checkpoint (not to mention ZA,
> Tiny, Kerio, BID, etc...).
>
> I think that it's going to be very hard for me to change my definition
> of "Firewall" to allow devices/applications that only protect the
> network in one direction. I've lived by the idea that a firewall
> protects in BOTH directions.
>
> I'll look for the book you mention next time at Borders....
>

Thanks for your reply.

I appreciate the reversal of your previous statement. IOW that a router
can be configured to act as a firewall. Granted it may not represent
the level of security you or I would want to provide, but it can and
does work for many organizations.

However I am surprised to read that you're not familiar with 'Building
Internet Firewalls'. If it means anything I've been involved with the
firewall industry since 1997 and have no qualms with offering this book
as one of the best when compared to all of the others I've read. In
fact, I have several 1st editions in 'brand new' condition. If you're
interested send me an email and other than the cost of S&H, it's yours
for free.

If you're additionally interested, you may want to consider the
following books as well. I will concede that some are better than
others, but each offers insight another may lack.

'Firewalls and Internet Security, Repelling the Wily Hacker', written
by Cheswick and Bellovin, published by Addison-Wesley
'Firewalls Complete', written by Goncalves, published by McGraw Hill
'Practical Firewalls', written by Ogletree, published by QUE
'Firewalls 24/7', written by Strebe and Perkins, published by Sybex
'The NCSA Guide to PC and LAN Security', written by Cobb, published by
McGraw Hill
'Windows Internet Security', written by Fogie and Peikari, published by
Prentice Hall
'TCP/IP, 2nd Edition', written by Feit, published by McGraw Hill
'Network Security in a Mixed Environment', written by Blacharski,
published by IDG Books

In closing, I think the BEFSR41 does provide the ability to filter
outbound traffic. Though I could be wrong as it's been awhile since I
played around with one.

-- 
Best regards,
Don Kelloway
Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".

