Firewall opinions wanted please

Erik Haagsman erik at we-dare.net
Wed Mar 17 20:22:33 UTC 2004


On Wed, 2004-03-17 at 21:02, Petri Helenius wrote:
> No, the applications should accept only authorized connections. If that 
> would be the case, there would be no need to filter at packet level.

No, since this would be assuming that each application is perfect and
there's no such thing as buffer overflows and other software bugs
(including those in authentication routines). A firewall is an extra
line of defence in preventing malicious packets from reaching the
destination app and the more people have one the better (although I'm
not sure whether grandma would be too bothered)
It's not bulletproof (and could potentially contain a gut itself) but it
provides additional security, regardless of authenticaion of
connections.



-- 
---
Erik Haagsman
Network Architect
We Dare BV
tel: +31.10.7507008
fax: +31.10.7507005
http://www.we-dare.nl







More information about the NANOG mailing list