Re: Firewalls
From: Leythos (void_at_nowhere.com)
Date: 08/06/03
- Next message: Ryan Jackson: "Trojans"
- Previous message: Don Kelloway: "Re: Firewalls"
- In reply to: Don Kelloway: "Re: Firewalls"
- Next in thread: Don Kelloway: "Re: Firewalls"
- Reply:(deleted message) Don Kelloway: "Re: Firewalls"
Date: Wed, 06 Aug 2003 01:05:53 GMT
In article <I4YXa.7178$WM4.4940@newsread1.news.atl.earthlink.net>,
dkelloway@commodon.com says...
[snip]
> Thanks for your reply.
>
> I appreciate the reversal of your previous statement. IOW that a router
> can be configured to act as a firewall. Granted it may not represent
> the level of security you or I would want to provide, but it can and
> does work for many organizations.

I believe that I wrote the following:

> > I've run across many organizations that use a simple router with NAT as
> > what they seem to think is their firewall. I'll give this part to you -
> > a NAT router is a firewall in one direction, but not in the outbound
> > direction (strictly using a very loose definition of a firewall).

As you can clearly see, I did not apply a blanket acceptance of NAT
being a firewall. I said it can be a firewall in one direction based on
a loose definition of what a firewall is.

NAT does not make a firewall. A firewall can HAVE NAT, and NAT can
provide firewall-like features, but only does so in ONE DIRECTION.

> However I am surprised to read that you're not familiar with 'Building
> Internet Firewalls'. If it means anything I've been involved with the
> firewall industry since 1997 and have no qualms with offering this book
> as one of the best when compared to all of the others I've read. In
> fact, I have several 1st editions in 'brand new' condition. If you're
> interested send me an email and other than the cost of S&H, it's yours
> for free.

Thanks for the offer, but I've been doing this for many corporations for
many years (since the early 90's). I read about all the new technology,
play with it in my lab, and test it in settings that mimic real world
conditions before I install it in clients' locations.

[snip]
> In closing, I think the BEFSR41 does provide the ability to filter
> outbound traffic. Though I could be wrong as it's been awhile since I
> played around with one.

None of these devices provide true outbound security - sure, they can
block an IP from reaching the internet, they can stop a PORT from going
outbound for ALL users, but they don't have a set of rules that you can
apply/build like standard firewall devices, and for the most part don't
firewall outbound connections.

Don't take my position on the NAT routers not being firewalls as
meaning that I don't like them - I do like the NAT routers. Heck, I even
own several of them (I segment my development centers on my lan this
way). I used a Linksys BEFSR41 for 3 years until I could afford my first
WatchGuard Firebox II for my home office (before those I used Sygate). I
currently have the BEFSR41, the wireless router, the VPN router, and the
first firewall router they came out with .... All have their places, but
none of them are really firewalls.

Every ISP should include a Linksys with their service, but I would never
install a Linksys at a client's office where they did anything with
finances, medical, engineering, software design, and many other things.

Sincerely,
Mark
-- -- spamfree999@rrohio.com (Remove 999 to reply to me)
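
The "one direction" point argued in this message, as an added example that is not part of the original post: a simplified Python model comparing a NAT-only router with a device that adds an ordered, per-host outbound rule set. The class names, rule format and addresses are assumptions constructed for illustration and do not describe any specific product.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """NAT-only model: state is created solely by outbound packets."""
    table: set = field(default_factory=set)  # (inside_ip, inside_port, remote_ip, remote_port)

    def outbound(self, src, sport, dst, dport):
        # NAT carries no policy: every outbound flow simply gets a mapping.
        self.table.add((src, sport, dst, dport))
        return True

    def inbound(self, remote, rport, inside, iport):
        # Inbound traffic passes only as a reply to an existing mapping.
        return (inside, iport, remote, rport) in self.table

@dataclass
class EgressFirewall(NatRouter):
    """Same NAT behaviour plus ordered outbound rules with default deny."""
    rules: list = field(default_factory=list)  # (action, source_network, dest_port or None)

    def outbound(self, src, sport, dst, dport):
        for action, net, port in self.rules:
            in_net = ipaddress.ip_address(src) in ipaddress.ip_network(net)
            if in_net and port in (dport, None):  # None matches any port
                if action == "allow":
                    return super().outbound(src, sport, dst, dport)
                return False
        return False  # nothing matched: default deny

def demo():
    # Constructed sample hosts (RFC 1918 and RFC 5737 documentation ranges).
    pc, server, remote = "192.168.1.10", "192.168.1.20", "203.0.113.5"
    rules = [("allow", "192.168.1.10/32", 443),  # workstation: HTTPS only
             ("allow", "192.168.1.20/32", 25)]   # mail server: SMTP only
    results = {}
    for name, dev in (("nat", NatRouter()), ("fw", EgressFirewall(rules=rules))):
        results[name] = {
            "unsolicited_in": dev.inbound(remote, 4444, pc, 3389),
            "pc_https_out": dev.outbound(pc, 50000, remote, 443),
            "reply_in": dev.inbound(remote, 443, pc, 50000),
            "pc_other_port_out": dev.outbound(pc, 50001, remote, 6667),
            "server_smtp_out": dev.outbound(server, 50002, remote, 25),
            "pc_smtp_out": dev.outbound(pc, 50003, remote, 25),
        }
    return results

if __name__ == "__main__":
    for device, flows in demo().items():
        print(device, flows)
```

Both models drop the unsolicited inbound packet, but only the rule-based model can allow SMTP from the mail server while denying it from the workstation.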