Re: Why you have hardware firewalls

From: MyndPhlyp (nobody_at_homeright.now)
Date: 04/13/05


Date: Wed, 13 Apr 2005 13:37:19 GMT


"Darko Gavrilovic" <darkogAThushmailDOTcom> wrote in message
news:Xns963748AAAF84Fdgavrilovic2123@216.196.97.142...
>
> your methodology may work - if you knew for sure 110% where your target
> customers/visitors are connecting from. but what information makes you so
> sure? and how do you know you aren't losing customers?
>
> the way i see it, your site is either on the internet and public or it's
> on intranet and private. if it's private, then by all means place behind
> F/W and filter to your own corp. subnets.
>
> but if it's public, it's public. where is your reasoning to adjust IP
> filter to target audience connections? the site is in english, so you
> will just assume that anyone who can't read english won't visit - so you
> will filter out non-english speaking countries?
>
> also, relying on IP filtering is a little weak. as we all know, IPs can
> be spoofed. or even simpler, you can find a proxy from allowed IP and use
> it to get in. a guy who has targeted *your* site for an attack probably
> learnt *that* way before he learned how to be a scripter.
>
> filtering SMTP proto so asian countries are excluded is common practice
> and makes sense. but filtering HTTP proto, i do not come across that too
> often.

Uh, it is okay to limit inbound access to a "public" SMTP server but not a
"public" HTTP server? Seems to me that what is good for the goose is good
for the gander. They are both public services. Why allow restrictions on one
"public" service and not the other?