Firewall Wizards mailing list archives
Re: Re: Use of firewalls in networks of today (Was: Re: Setting up H323 IP telephony etc )
From: "Victoria of Borg" <vicofborg () myrealbox com>
Date: Tue, 02 Sep 2003 20:55:12 -0500
-----Original Message-----
Mikael Olsson <mikael.olsson () clavister com>

"Marcus J. Ranum" wrote:
This whole firewall "thing" has become an exercise in wishful-thinking "have your cake and eat it too" -- and in the long run it's not going to work. It only works now because the hackers aren't as smart as they and the media think they are.
That would be the curmudgeon view, yes, and I'll confess to being guilty of it on some of my darker days.
Me too. Especially since we had a worm outbreak on the inside today that kept me and the rest of our staff hopping all day. Times like these test your faith in your security procedures.
The important difference is that firewalls (as in "the box that all traffic to the Internet has to pass through") can no longer be used for risk elimination for meaningful values of "network traffic". If, indeed, they ever could. Now, it's about risk mitigation, and it's just one tool of many in securing your network (perimeter).
Exactly. And as we've all said before, a firewall is only so good. Take these worms that propagate over tcp/135. Any firewall worth its price blocks that one. Unless it is an internal firewall on a VPN/RAS network and the users need to get at their drives, of course. Then it's like so much tissue. Actually, in our case it was more like a fuse than anything; the ping-flood melted the firewall so bad it failed closed. So tomorrow the, "what can we do to prevent this," talks begin, and it all starts up again. And all the good answers are either too expensive, or so painful even today's exercises can't make them happen.

- "But we were behind a firewall!"
- "So was the machine that infected us."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards