Firewall Wizards mailing list archives
RE: CERT vulnerability note VU# 539363
From: "Stephen Gill" <gillsr () yahoo com>
Date: Wed, 16 Oct 2002 13:42:11 -0500
Hi Paul,

[re: stateless filtering]

] I find it slightly useful for UDP, but overall think the added complexity
] doesn't bring much in the way of protection if you carefully design your
] architecture.

I agree fully. Performance gains aside, the security gained from stateful filtering is not always that much. Current convention would have you think so, but there is a lot to be said for ACLs ;).

On the other hand, I find it much easier to configure stateful rules on a firewall, especially when things like NAT are involved. Having a device that has a construct of established connections usually makes it easier to configure and manage directional flows.

] The performance information that this thread has started IS interesting,
] and it's started me wondering about the whole "filter on a router vs.
] firewall" thing again.

Indeed!

-- steve

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards