Re: Firewalls: what's the use?

From: Chris Shepherd (
Date: 12/18/03

Date: Thu, 18 Dec 2003 11:38:03 -0500

Tim Haynes wrote:
> No, you're the one bandying around such phrases as "a firewall is JUST
> filtering/manipulating network traffic", and then proceeding to say that
> things that do exactly that somehow aren't firewalls.

I think trivializing something that does MUCH MORE than firewalling (packet
filtering, logging, traffic normalization, and so forth) by calling it a
firewall is to misunderstand the intended use of the software. For instance, a
Proxy can act like a firewall; however, to call a Proxy (mistakenly IMO) a
firewall is to ignore the other added benefits it can offer you. Yes, it offers
firewalling functionality; however, it is not just a firewall.

My stance on using the right single tool for the job stems from my experience as
a programmer. There are situations where it does not make sense to employ a
proxying firewall, or an application firewall, and so forth. I have also found
it is generally MUCH better to use separate firewalls and proxies and so forth,
rather than one service/daemon. By nature such a system (when configured equally
well) will be more secure. It goes back to that discussion on layers of security.

> The wiki article you allude to above seems to get it reasonably accurate,
> IMO. Note how it includes proxying as one way to get firewalling features.

I have never said proxies didn't provide firewalling features. I said proxies
are not firewalls. They include such functionality, but it is silly IMO to take
a proxy daemon and try and use it as a firewall for a large corporate network,
and not use its proxy features. It is first and foremost a proxy, that is what
its intended design is, and that is what it will likely function best as. This
is not true for all cases.

>>I hadn't realised this was going to devolve into a semantical discussion
>>about how to define a word. At any rate, this is incredibly off topic,
> It's entirely on-topic for cols.

Then start a new thread. Considering the subject of this thread, it is off-topic.

Chris Shepherd