Re: Completely replace software firewall with hardware firewall?

From: Ian JP Kenefick (ian_kenefick_at_eircom.net)
Date: 03/23/05


Date: Wed, 23 Mar 2005 02:01:31 +0000

On Tue, 22 Mar 2005 16:53:49 GMT, Leythos <void@nowhere.lan> wrote:

>> I would hardly refer to static policies as outbound protection. In order
>> to provide outbound protection you must work from the application layer.
>> A hardware solution does not provide this.
>
>It depends on how you look at it - I see the spreading of Viruses as a
>means and that an Appliance can stop the spread of viruses. As an example,
>many commercial appliances can be set to block outbound ports that enable
>the spreading, block outbound attachments, block inbound attachments,

This is an email policy. This is not application level still.

>stop
>file sharing

A static policy where a port is blocked.

>I've seen many routers with NAT, where you can set up personal PORTS

Personal ports?

>, block
>outbound SMTP engine worms

policy - you mean block a certain amount of email being sent in a
certain amount of time - bulk mail blocking - limited amount of
recipients.... this is just policy - still not application level.

>, block outbound MS file sharing worms, and even
>though they are not firewalls, the ones with blocking do indeed allow
>users to slow/stop the spread of a virus on infected machines.

Agreed - but still not at the application level where the protection
is needed. You know the phrase 'nip the problem at the bud'.

>I've never said an appliance will remove/clean a virus infected computer,
>but if you can't see how they can prevent the spread you should read up on
>firewalls (real ones) a little more.

A firewall will not block viruses. It can block certain virus-like
activity. A hardware appliance will not prevent a backdoor from access
to the internet.

-- 
Regards,
Ian Kenefick
http://www.ik-cs.com
If you have a virus: www.ik-cs.com/got-a-virus.htm

