Re: Firewall yes, but where?

From: MyndPhlyp (nobody_at_homeright.now)
Date: 02/20/05


Date: Sun, 20 Feb 2005 14:22:06 GMT


"Klaus Haber" <Klaus.Haber@bingo-ev.de> wrote in message
news:1iz765qlbmaqe.vc5phlerzdnb.dlg@40tude.net...
> Hello,
>
> I have an understanding problem. There are different meanings concerning to
> use firewalls or not. But generally I heard, that a firewall in a _router_
> in connection with a DSL-PC is better than a firewall integrated in the
> same PC, connected to the net by a _modem_. (Firewall means personal
> firewall).
> My understanding is, that there is no difference between these two
> configurations. If the router firewall leaks, the attack will reach the PC.
> The same happens, if the PC-firewall will leak. I see only one advantage in
> a router-firewall, if you have a local net with different PCs. In this case
> you need only one firewall for all connected PCs.

Both solutions have their benefits and drawbacks as you have observed.
Generally speaking ...

The firewall appliance will filter and route port and protocol traffic but
doesn't care about application-level stuff (e.g., it doesn't know if the
port 80 traffic originated from Netscape Navigator or Kazaa). The up side is
that the entire LAN receives its protection from a single point. The down
side is that trojans and worms riding on port 80 (and similar scenarios)
cannot be blocked.

The personal firewall approach will also filter port and protocol traffic as
well as block or allow traffic at the application level but won't do port
routing. (Port routing is of importance only if you are offering services to
the WAN.) The up side is that the user can control which applications access
the WAN and the LAN. The down side is that only a single machine is
protected.

IMO (naturally), leaks should never exist except in salads, soups (properly
spelled "leek"), sieves, or in the general vicinity of a water closet, tree,
or other isolated area. If a firewall leaks, it isn't much of a firewall. If
your concern is along those lines, it would be prudent to consider multiple
layers of firewalls - both appliance and personal firewall solutions.
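
Added example, not part of the original post: a small Python model of the two layers described above, showing that a port/protocol filter gives the same verdict for any program using TCP port 80, while a per-application rule on the PC can tell them apart. Host names, program names, rule sets and sample connections are constructed for illustration, and the personal firewall is simplified to its application check only.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Conn:
    """One outbound connection attempt from a LAN host (constructed sample data)."""
    host: str
    app: str     # originating program; only the host itself can see this
    proto: str
    dport: int

# Appliance rules: first match wins, default deny. It sees protocol and port only.
APPLIANCE_RULES = [("tcp", 80, "allow"), ("tcp", 443, "allow"), ("udp", 53, "allow")]

# Personal firewall: programs allowed to reach the network, per protected host.
PERSONAL_RULES = {"pc1": {"browser.exe", "mailclient.exe"}}  # pc2 has none installed

def appliance_verdict(c: Conn) -> str:
    for proto, port, action in APPLIANCE_RULES:
        if (c.proto, c.dport) == (proto, port):
            return action
    return "deny"

def personal_verdict(c: Conn) -> Optional[str]:
    allowed = PERSONAL_RULES.get(c.host)
    if allowed is None:
        return None  # this host is not covered by a personal firewall
    return "allow" if c.app in allowed else "deny"

def layered_verdict(c: Conn) -> Tuple[str, str]:
    """Return (final verdict, deciding layer). The host layer is checked first
    because outbound traffic leaves the PC before it reaches the router."""
    if personal_verdict(c) == "deny":
        return ("deny", "personal")
    if appliance_verdict(c) == "deny":
        return ("deny", "appliance")
    return ("allow", "none")

SAMPLE = [  # constructed connection attempts
    Conn("pc1", "browser.exe", "tcp", 80),
    Conn("pc1", "p2pclient.exe", "tcp", 80),
    Conn("pc2", "p2pclient.exe", "tcp", 80),
    Conn("pc2", "browser.exe", "tcp", 4000),
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(c, "->", layered_verdict(c))
```
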


