Re: What does a firewall do?

From: IPGrunt (me_at_privacy.net)
Date: 01/19/05


Date: 19 Jan 2005 16:24:29 GMT

Nick Roberts <nick.roberts@acm.org> confessed in
news:gemini.iajvzu001jomo04h4.nick.roberts@acm.org:

> I'll be as brief as possible. I am leading a project that is writing a new
> operating system (yes, really), and naturally it will have an IP stack. This
> entire stack will be written from scratch, and it will be written to be
> secure (as will the entire OS).
>
> I recently had an argument (in comp.lang.ada) with someone who simply could
> not believe that a secure OS will completely obviate the need for any
> firewall. Obviously, I believe that it will.
>
> I'd be very, very grateful if someone could post a list of all the different
> kinds of protection a really good firewall could be expected to provide. Be
> as technical as possible (but no need for piles of detail).
>
> I'll follow up such a post with some more details on the security of the OS.
>

Hard to get a straight answer here, isn't it? I have no problem with your
question and will answer briefly.

Basically, a firewall does what a good protocol stack *should* do: controls
when ports are opened and closed, according to a rule set.

As an adjunct, firewalls these days are also part router, in that they
provide a port proxy service by implementing network address translation,
and part filter, in that they can provide arbitrary port blocking (never
accept connections on port 111, for instance).

But one of the most important features that firewalls provide is so-called
"statewise" or "stateful" port access control, in that the firewall
software maintains an open connection table that records the source of an
open port, and acts accordingly, allowing packets from only that source to
enter that particular port, blocking packets from any other address.

Firewalls also provide very good logging capabilities these days, so add
that to your list.

Finally, firewalls are now managing private channels through public
transports, like VPN, using both standard and proprietary protocols. Some
of these involve data packet encryption/decryption using symmetric and
asymmetric key mechanisms, for example, IPSec.

As we move toward universal use of IP6, some of these functions will
migrate naturally to the network stack; however, I say it's high time to
move firewalling, or perhaps at least the hooks and stubs for firewalling
appliances, inside the network stack. In this century, networking without
security is a fool's undertaking.

-- ipgrunt
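The stateful port access control described in the post above, as an added example that is not part of the original thread: a toy connection-table filter in Python (the protected host 10.0.0.5, the peer addresses and the traffic are constructed) that admits inbound packets only from the peer recorded when the host opened the port, drops anything to an arbitrarily blocked port (111, as in the post), and logs each verdict.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    outbound: bool  # True when sent by the protected host, False when arriving from outside

@dataclass
class StatefulFilter:
    """Toy stateful packet filter: inbound traffic is dropped unless a
    connection-table entry says the protected host opened that port to that peer."""
    blocked_ports: set = field(default_factory=set)   # arbitrary inbound port blocking
    table: set = field(default_factory=set)           # (local_ip, local_port, peer_ip, peer_port)
    log: list = field(default_factory=list)           # firewall logging, one line per packet

    def decide(self, pkt: Packet) -> str:
        if pkt.outbound:
            # The host opened a port toward a peer: remember who is allowed to answer on it.
            self.table.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            verdict = "ALLOW"
        elif pkt.dst_port in self.blocked_ports:
            verdict = "DROP"   # port is blocked regardless of connection state
        elif (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.table:
            verdict = "ALLOW"  # reply from the recorded peer to the recorded open port
        else:
            verdict = "DROP"   # unsolicited, or from an address other than the recorded peer
        self.log.append(f"{verdict} {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}")
        return verdict

def run_demo() -> list:
    """Constructed traffic against host 10.0.0.5; returns the verdict for each packet."""
    fw = StatefulFilter(blocked_ports={111})
    packets = [
        Packet("10.0.0.5", 40000, "198.51.100.7", 80, outbound=True),   # host opens a connection
        Packet("198.51.100.7", 80, "10.0.0.5", 40000, outbound=False),  # reply from that peer
        Packet("203.0.113.9", 80, "10.0.0.5", 40000, outbound=False),   # same open port, wrong source
        Packet("203.0.113.9", 5555, "10.0.0.5", 111, outbound=False),   # blocked port
        Packet("203.0.113.9", 5555, "10.0.0.5", 22, outbound=False),    # unsolicited inbound
    ]
    verdicts = [fw.decide(p) for p in packets]
    for line in fw.log:
        print(line)
    return verdicts

if __name__ == "__main__":
    run_demo()  # ALLOW, ALLOW, DROP, DROP, DROP
```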


