Re: software/hardware Firewall tradeoff




Volker Birk wrote:
Taylor, Grant <gtaylor@xxxxxxxxxxxxxxxxx> wrote:
I consider a firewall, depending on the context of the conversation and how
versed the party to whom I'm speaking is, to be anything from a device
that does some form of firewalling all the way up to specialized equipment
that may or may not be detectable as a filter short of some traffic passing
through or even on up into an application layer gateway that does content
filtering. In fact you could argue that a spam filter is a form of
firewall, however most would disagree. Usually a firewalling device is a
device that does some sort of filtering based on the contents of layer 2 -
layer 4 traffic on layers 2 or 3. You could make a fairly good argument
that a firewall is not a device that routes or that can otherwise be
accessed in band along with the traffic that it is firewalling. I.e. a PIX
501 would probably be considered a firewall by just about all parties
involved. However, a software based firewall on a web server may not be
considered a firewall by nearly as many.

This seems to be more a description than a sharp definition.

What's with RFC 2979?

Yours,
VB.
--

I notice that the RFC also says a device may have NAT functionality,
and firewall functionality. Which really confirms what I've said, and
Duane and perhaps Leythos don't like.

RFCs are only guidelines, they aren't set in stone. Many people hate
them because they are often quite imprecise, they are more a
description than a prescription. I've found them notoriously bad at
defining things. I've seen the use of a term change in the middle of an
RFC (I think it was the term datagram in RFC 791). And I've seen the
same term "network number" (as in classful addresses) used in different
RFCs, and given a different definition (one RFC defines it including
class id bits, another defines it excluding it).

To those that think it's such a shame that Duane considers this thread
dead and won't provide any argument, they have not read the thread
where Duane writes his "argument". I included reference details of that
thread in this thread and again in this post, and it's easily accessible
via google. His argument was that he relies on what has been said by
the "top guns" of ***this*** newsgroup. He didn't name his
authorities, but perhaps Leythos is one. Since it appears he holds the
same position as Duane in this thread. And he certainly knows a lot
more. And, on googling the archive, I don't see any posts on the
subject that are with Duane so strongly, so if there is an authority to
Duane, it is "he whose posts disappear". And Leythos is knowledgeable -
certainly enough that I can believe Duane trusts him as an authority.

So if you do hope for Duane's arguments, you won't find them from
Duane. You will find them from whoever his authorities are, and they
are in this newsgroup - somewhere!

Perhaps he will be kind enough to bother naming them.

But if you want to see Duane post about 30 posts in response to your
question for him to make his position clear, I suggest you read

http://groups.google.co.uk/group/alt.internet.wireless/browse_frm/thread/c132d2059daa241b/82836142fda42543?lnk=st&q=%2256k+dial+up+on+laptop+802.11G+%3F%22&rnum=1&hl=en#82836142fda42543

which is http://tinyurl.com/qvwyp

which as I've said, is this thread here "56k dial up on laptop 802.11G
?"

If anybody had actually looked at that thread, and got the point, then
they would not be asking Duane to establish his position beyond who his
authorities are.

Volker and Grant may establish their positions, and then people can
choose: do they go with one of those that do include their arguments,
or those that don't?
