Re: medical records, web server, & stateful firewall vs packet filter
From: Dimitri Maziuk (dima_at_127.0.0.1)
Date: 11/09/05
- Next message: netlist: "Re: medical records, web server, & stateful firewall vs packet filter"
- Previous message: Patrick Schaaf: "Re: Defending ARP Spoofing"
- In reply to: netlist: "medical records, web server, & stateful firewall vs packet filter"
- Next in thread: netlist: "Re: medical records, web server, & stateful firewall vs packet filter"
- Reply: netlist: "Re: medical records, web server, & stateful firewall vs packet filter"
Date: Wed, 9 Nov 2005 16:43:39 +0000 (UTC)
netlist sez:
...
> My question at this point is: am I making a mistake by placing a
> stateful firewall between the webserver and the Internet? Maybe a
> simple packet filter would be less prone to DoS attacks.
I haven't seen stateless firewalls with DoS attack detection
capabilities. Besides, in a stateless firewall you don't have
a connection table to search, but you do have 2x the number
of rules to check -- so if you're thinking of performance,
stateful firewalls are not necessarily slower.
I'd put another firewall between the webserver and the rest
of your network for good measure, but if you need multiGb/s
there, it'll be expensive...
Dima
-- Relativity, Uncertainty, Incompleteness, Undecidability: choose any four
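
The trade-off described in the message above (no connection table, but a rule per direction), as an added toy model that is not part of the original post. The addresses, ports and the check counter are constructed for illustration; counting rule evaluations is only a proxy for work done, not a benchmark of any real firewall.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport flags")  # flags: "S", "SA", "A"
WEB = "192.0.2.10"       # constructed server address (documentation range)
CLIENT = "198.51.100.7"  # constructed client address

def inbound(port):   # request towards the web server
    return lambda p: p.dst == WEB and p.dport == port

def outbound(port):  # reply leaving the web server; needs the ACK bit
    return lambda p: p.src == WEB and p.sport == port and "A" in p.flags

class StatelessFilter:
    """Every packet walks the rule list; each service needs a rule per direction."""
    def __init__(self, ports):
        self.rules = [r for port in ports for r in (inbound(port), outbound(port))]
        self.checks = 0
    def accept(self, p):
        for rule in self.rules:
            self.checks += 1
            if rule(p):
                return True
        return False

class StatefulFilter:
    """Rules are consulted only for a SYN; later packets cost one table lookup."""
    def __init__(self, ports):
        self.rules = [inbound(port) for port in ports]
        self.table = set()
        self.checks = 0
    def accept(self, p):
        key = frozenset([(p.src, p.sport), (p.dst, p.dport)])
        self.checks += 1                      # connection-table lookup
        if key in self.table:
            return True
        if p.flags == "S":                    # only a SYN may create state
            for rule in self.rules:
                self.checks += 1
                if rule(p):
                    self.table.add(key)
                    return True
        return False

def compare():
    flow = [Pkt(CLIENT, 40000, WEB, 443, "S"), Pkt(WEB, 443, CLIENT, 40000, "SA"),
            Pkt(CLIENT, 40000, WEB, 443, "A"), Pkt(WEB, 443, CLIENT, 40000, "A")]
    stray = Pkt("203.0.113.9", 5555, WEB, 443, "A")  # ACK with no prior handshake
    result = {}
    for name, fw in (("stateless", StatelessFilter([80, 443])),
                     ("stateful", StatefulFilter([80, 443]))):
        assert all(fw.accept(p) for p in flow)
        result[name] = (len(fw.rules), fw.checks, fw.accept(stray))
    return result
```

`compare()` returns, per filter, the rule count, the checks spent on the four-packet flow, and whether the stray ACK was accepted. The stateful filter's table holds one entry per accepted connection, which is the state the original question is concerned about.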