ACLs vs. full firewalls
Nathan Ward
nanog at daork.net
Tue Apr 7 22:46:11 UTC 2009
On 8/04/2009, at 10:32 AM, Karl Auer wrote:
> I'd be interested to hear why people use firewalls. I've never felt
> the
> need, myself - am I living in a fool's paradise?
End hosts are not always trustworthy.
If a host is compromised, should it be able to send anything and
everything out to the public network?
If a host is a desktop PC controlled by an end user, should it be able
to send and receive anything it wants?
IMO, host based filtering and ACLs (either firewalls or router ACLs or
whatever) in the network should both be used. They fulfil different
needs.
--
Nathan Ward
More information about the NANOG
mailing list