I don't need no stinking firewall!
fred at cisco.com
Tue Jan 5 22:08:57 UTC 2010
The primary value of a firewall is two-fold:
- It enables a network administrator to define his "edge", the
interior of which he is responsible for.
- It enables a network administrator to isolate his network from
externally-originated traffic per his whims and viewpoints.
IMHO, it is not a security solution per se; it is comparable perhaps
to human skin - keeping certain stuff out to limit the need to use
other tools that one uses internally. That said, the tools one uses to
create true security are a combination of network-based detection/
analysis equipment like honeypots, router configurations, and sensors,
and host-based security technologies. In the final analysis, the
hosted application is responsible for its own security (if some
attacker threads the needle, it had better be able to handle the
attack), and uses host and network facilities as defense-in-depth (the
less it has to worry about that the more effective overall security is).
On Jan 5, 2010, at 12:16 PM, Brian Johnson wrote:
> Security Gurus, et al,
> I have my own idea of what a firewall is and what it does. I also
> understand what statefull packet inspection is and what it does. Given
> this information, and not prejudging any responses, exactly what is a
> firewall for and when is statefull inspection useful?
> Please respond on-list as I want to have some useful discourse and
> discussion in the clear. Flamers and Trolls will be disregarded. :)
> Thank you.
> - Brian
> CONFIDENTIALITY NOTICE: This email message, including any
> attachments, is for the sole use of the
> intended recipient(s) and may contain confidential and privileged
> information. Any unauthorized review,
> copying, use, disclosure, or distribution is prohibited. If you are
> not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the
> original message. Thank you.
More information about the NANOG