Misconceptions
From: JR (notlikely@nowhere.com)
Date: 01/13/03
- Next message: Coolcat: "Re: Complex Case"
- Previous message: Art Kopp: "Re: firewall needed?"
- Next in thread: Lord Shaolin: "Re: Misconceptions"
- Reply: Lord Shaolin: "Re: Misconceptions"
- Reply: Matt Curtin: "Re: Misconceptions"
- Reply: Coercitas Temet'Nosce: "Re: Misconceptions"
- Reply:(deleted message) Leythos: "Re: Misconceptions"
- Reply: Dave Thornburgh: "REVIEW: "Misconceptions" thread in a.c.security and c.security.firewalls"
- Reply: HalDoll2002: "Re: Misconceptions -- some great overview"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "JR" <notlikely@nowhere.com> Date: Mon, 13 Jan 2003 09:50:54 -0500
What some contributors to this newsgroup seem to need, is a better
understanding of the devices and technologies commonly referred to here.
There seems to be some confusion on what does what. In
comp.security.firewalls FERRANTE (Mark) recently asked "Is a router a good
firewall?" That is akin to asking "is a bus is a good airplane". Just
because a bus can fly off a cliff or perform a stunt as in the movie
"Speed", does not qualify it as an airplane!
True routers route traffic much like the old railroad turntables
(http://www.railroadextra.com/roundtab.html) were used to redirect
locomotives when there was more than one path they could take. If there are
only two pieces of track leading to the turntable, then the routing function
is void and simply becomes a relaying function.
Routers can implement "access control lists", a rudimentary form of
filtering, but that does not make them a "firewall".
NAT can be implemented on many routers, but only on stub network (the last
leg of a route, usually a private/office network) routers. The original
intent for NAT (see RFC1631) was a stop gap measure to overcome the
increasing shortage of legitimate IPs (RFC1918). The fact that internal
private address ranges were masked from public view was a side benefit as a
result of the translation, not an intentional security measure.
Routers are NOT firewalls. Firewalls implement security policies or rules
and work closely with routers or routing functions. Firewalls either allow
or deny packets based on the implemented rules. Any good firewall uses SPI
(Stateful Packet Inspection) and PAT (Port Address Translation) as opposed
to its lesser cousin NAT.
Routers do not use SPI and PAT. If they do, then they are Router/Firewalls.
Routers and Firewalls do not perform any anti-virus functions. These are
handled by (surprise, surprise) anti-virus programs, which should be on the
individual client machines if the firewall/router/NAT functions are on a
separate, dedicated machine (as opposed to a network consisting of one
computer). Anti-virus programs use pre-defined virus signatures and
heuristic methods (on the better ones).
A NIDS (Network Intrusion Detection System) is just that. It can be a
combination of programs that alerts the system of attempted intrusion. For
example, receiving a stream of FIN packets is not normal, and is therefore
reported by the NIDS as a possible port scan, normally the prelude to an
attack. Although Black Ice NIDS apparently has heuristic capabilities, that
would be an anti-viral component working in conjunction with the NIDS, but I
am not experienced with Black Ice.
This rant is not meant to insult or offend anyone, but it would be nice to
keep facts and information somewhat correct.
If anyone finds the above info incorrect, let me know, and back it up with
VALID documentation.
If I screwed up anywhere...well...I guess it just sux2B_me :-)
JR
- Next message: Coolcat: "Re: Complex Case"
- Previous message: Art Kopp: "Re: firewall needed?"
- Next in thread: Lord Shaolin: "Re: Misconceptions"
- Reply: Lord Shaolin: "Re: Misconceptions"
- Reply: Matt Curtin: "Re: Misconceptions"
- Reply: Coercitas Temet'Nosce: "Re: Misconceptions"
- Reply:(deleted message) Leythos: "Re: Misconceptions"
- Reply: Dave Thornburgh: "REVIEW: "Misconceptions" thread in a.c.security and c.security.firewalls"
- Reply: HalDoll2002: "Re: Misconceptions -- some great overview"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
