Re: Re: Use of firewalls in networks of today (Was: Re: Setting up H323 IP telephony etc )

["Victoria of Borg" <vicofborg () myrealbox com>]

-----Original Message-----
 Mikael Olsson <mikael.olsson () clavister com>

> > "Marcus J. Ranum" wrote:
> >
> > This whole firewall "thing" has become an exercise in wishful-thinking
> > "have your cake and eat it too" -- and in the long run it's not going to
> > work. It only works now because the hackers aren't as smart as
> > they and the media think they are.

> That would be the curmudgeon view, yes, and I'll confess to being
> guilty of it on some of my darker days.

Me too.  Especially since we had a worm outbreak on the inside today that kept me and the rest of our staff hopping all 
day.  Times like these test your faith in your security procedures.

> The important difference is that firewalls (as in "the box that all
> traffic to the Internet has to pass through") can no longer be used 
> for risk elimination for meaningful values of "network traffic".  
> If, indeed, they ever could.  Now, it's about risk mitigation, and 
> it's just one tool of many in securing your network (perimeter).

Exactly.  And as we've all said before, a firewall is only so good.  Take these worms that propegate over tcp/135.  Any 
firewall worth its price blocks that one.  Unless it is an internal fireall on a VPN/RAS network and the users need to 
get at their drives, of course.  Then it's like so much tissue.  Actually, in our case it was more like a fuse than 
anything;  the ping-flood melted the firewall so bad it failed closed.

So tomorrow the, "what can we do to prevent this," talks begin, and it all starts up again.    And all the good answers 
are either too expensive, or so painful even today's exercizes can't make them happen.

- "But we were behind a firewall!"
-  "So was the machine that infected us."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards