I don't need no stinking firewall!

Fred Baker fred at cisco.com
Tue Jan 5 22:08:57 UTC 2010

The primary value of a firewall is two-fold:

  - It enables a network administrator to define his "edge", the  
interior of which he is responsible for.
  - It enables a network administrator to isolate his network from  
externally-originated traffic per his whims and viewpoints.

IMHO, it is not a security solution per se; it is comparable perhaps  
to human skin - keeping certain stuff out to limit the need to use  
other tools that one uses internally. That said, the tools one uses to  
create true security are a combination of network-based detection/ 
analysis equipment like honeypots, router configurations, and sensors,  
and host-based security technologies. In the final analysis, the  
hosted application is responsible for its own security (if some  
attacker threads the needle, it had better be able to handle the  
attack), and uses host and network facilities as defense-in-depth (the  
less it has to worry about that the more effective overall security is).

On Jan 5, 2010, at 12:16 PM, Brian Johnson wrote:

> Security Gurus, et al,
> I have my own idea of what a firewall is and what it does. I also
> understand what statefull packet inspection is and what it does. Given
> this information, and not prejudging any responses, exactly what is a
> firewall for and when is statefull inspection useful?
> Please respond on-list as I want to have some useful discourse and
> discussion in the clear. Flamers and Trolls will be disregarded. :)
> Thank you.
> - Brian
> CONFIDENTIALITY NOTICE: This email message, including any  
> attachments, is for the sole use of the
> intended recipient(s) and may contain confidential and privileged  
> information. Any unauthorized review,
> copying, use, disclosure, or distribution is prohibited. If you are  
> not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the  
> original message. Thank you.


More information about the NANOG mailing list