Firewall Wizards mailing list archives

Re: Firewalls Compared


From: ArkanoiD <ark () eltex net>
Date: Tue, 29 Jun 2004 03:15:42 +0400

nuqneH,

I doubt those people are "normal". Application layer firewalls
have been on the scene for many years, so who cares about morons ignoring them?
;-)

The thing you described is a packet filter, a vital component of any firewall,
but definitely not the whole firewall itself.


On Mon, Jun 28, 2004 at 07:08:42PM -0400, Eugene Kuznetsov wrote:
> > With the increasing focus on application layer attacks, the day
> > of packet-filters even being termed "firewalls" is pretty much over.
> > Packet filters were barely firewalls to begin with, but today, the
> > fight's mostly up in Layer 7 where they have no value.
>
> Hmm, I do not think that "firewall" is the right term for devices that
> operate at layer 7 or "layer 8". Not on grounds of technical correctness,
> but of common usage. If a big challenge for making a more secure world is
> information and education about threats and best practices, the term
> "firewall" does more harm than good. One man's application firewall is
> another woman's application proxy and someone else's packet filter.
>
> In my experience, what most normal people mean by "firewall" is a box that
> does not do any TCP termination or deep inspection, but instead simply
> allows and disallows connections at certain IP ports. That box may be
> capable of doing more, but usually that capability is not being used.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

