Firewall opinions wanted please
Rachael Treu
rara at navigo.com
Wed Mar 17 21:11:10 UTC 2004
On Wed, Mar 17, 2004 at 12:19:53PM -0500, Eric Gauthier said something to the effect of:
>
> > > _Everyone_ (network connected) should have a firewall. My grandma should
> > > have a firewall. Nicole, holding dominion over this business network and
> > > its critical infrastructure, should _definitely_ have a firewall. ;)
>
> By "firewall", do you mean "dedicated unit that does statefull filtering"
No.
> or just "something that will block packets"? We've successfully argued
> to just about every group here at our University who came to us asking for a
> "firewall" that, given what they wanted to achieve, they could accomplish the
> same thing with simple ACLs...
fire'wall
1. A fireproof wall used as a barrier to prevent the spread of fire.
2. Computer Science. Any of a number of security schemes that prevent unauthorized users from gaining access to a computer network or that monitor transfers of information to and from the network.
>
> I'm sure that the cost of the ACL's (i.e. $0.00) versus the cost of a firewall
> also helped them in their decision...
This is just a semantic issue. I am putting any packet-level inspection
engine deployed as an access control means into the category of "firewall."
The confusion here would be akin to my retorting with "how on earth are
deploying lists of system object access rights going to protect a network
edge?" ;) ACL has alternate meanings, as well[1].
A sample of what some vendors call some things:
Cisco: router packet-level access control = ACL
Microsoft: OS object permissioning schema = ACL
Linksys: router packet-level access control = firewall
Juniper: router packet-level access control = firewall filter
:)
*,
--ra
[1]http://whatis.techtarget.com/definition/0,289893,sid9_gci213757,00.html
--
k. rachael treu, CISSP rara at navigo.com
..quis costodiet ipsos custodes?..
>
> Eric :)
More information about the NANOG
mailing list