|
Firewall Wizards
mailing list archives
Re: Firewalls Compared
From: ArkanoiD <ark () eltex net>
Date: Tue, 29 Jun 2004 03:15:42 +0400
nuqneH,
I doubt those people are "normal". Application layer firewalls
are on the scene for many years, so who cares about morons ignoring it?
;-)
The thing you described is packet filter, a vital component of any firewall,
but definitely not the whole firewall itself.
On Mon, Jun 28, 2004 at 07:08:42PM -0400, Eugene Kuznetsov wrote:
With the increasing focus on application layer attacks, the day
of packet-filters even being termed "firewalls" is pretty much over.
Packet filters were barely firewalls to begin with, but today, the
fight's mostly up in Layer 7 where they have no value.
Hmm, I do not think that "firewall" is the right term for devices that
operate at layer 7 or "layer 8". Not on grounds of technical correctness,
but of common usage. If a big challenge for making a more secure world is
information and education about threats and best practices, the term
"firewall" does more harm than good. One man's application firewall is
another woman's application proxy and someone else's packet filter.
In my experience, what most normal people mean by "firewall" is a box that
does not do any TCP termination or deep inspection, but instead simply
allows and disallows connections at certain IP ports. That box may be
capable of doing more, but usually that capability is not being used.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
- Re: Firewalls Compared, (continued)
- Message not available
- Re: Firewalls Compared ArkanoiD (Jun 29)
- Message not available
- Re: Firewalls Compared Dave Piscitello (Jun 24)
Re: Firewalls Compared Norman Zhang (Jun 21)
RE: Firewalls Compared Stiennon,Richard (Jun 29)
|
Intro
