Rachael Treu wrote:
Guys...firewall is as generic a term as any. Saying grandma needs a
router does not mean that an M20 is interchangeable with her Linksys.
You're preaching to a list with people on it who invented the terms you are
using *and* wrote the books. Stop lecturing and *listen*.
OK, I've tried to stay out of this, but...
On Thu, 2004-03-18 at 01:17, Alexei Roudnev wrote:
No. let's imagine, that I have 4 hosts, without ANY security problems in
software,
Exactly how do you *prove* there are zero security problems with any of
this software? I hate to say it, but a lot
Firewall protects other services from outside access.
A good firewall *should* be doing a whole lot more than that. It should
Do not overestimate. Firewall can make a little more than just restrict
access and inspect few (very limited) protocols.
It can not protect you from slow scans; it
On Thu, 2004-03-18 at 15:26, Alexei Roudnev wrote:
A good firewall *should* be doing a whole lot more than that. It should
Do not overestimate. Firewall can make a little more than just restrict
access and inspect few (very limited) protocols.
If this concerns you, just use a proxy instead
Netscreen rocks. They are record-breakingly sexy devices running the gamut
as far as networks they can be configured to service and they burlier beasties
are easily worthy of deployment on a carrier class network.
However, if you're looking to drop small change on a product that will not
be
On Tue, Mar 16, 2004 at 05:01:22PM -0600, Gregory Taylor said something to the effect
of:
..snip snip..
As discussed in a previous thread, I spoke about transparent bridging used for
packet filtering and mangling. On a small application, that might be a good idea,
because you get all of
The best option I guess is to figure out how important it is for you to have a
firewall,
_Everyone_ (network connected) should have a firewall. My grandma should
have a firewall. Nicole, holding dominion over this business network and
its critical infrastructure, should
On Wed, Mar 17, 2004 at 08:54:57AM -0800, bill said something to the effect of:
The best option I guess is to figure out how important it is for you to have a
firewall,
_Everyone_ (network connected) should have a firewall. My grandma should
have a firewall. Nicole, holding
_Everyone_ (network connected) should have a firewall.
Why?
Every network-connected device should have a security layer.
Firewalls provide a nice modular security layer and they
are cheap compared to the devices/networks that they protect.
When did the end2end
_Everyone_ (network connected) should have a firewall. My grandma should
have a firewall. Nicole, holding dominion over this business network and
its critical infrastructure, should _definitely_ have a firewall. ;)
By firewall, do you mean dedicated unit that does statefull filtering
Date: Wed, 17 Mar 2004 11:57:33 -0600
From: Rachael Treu [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
On Wed, Mar 17, 2004 at 08:54:57AM -0800, bill said something to the effect of:
The best option I guess is to figure out how important it is for you to have a
firewall,
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Eric Gauthier
Sent: 17 March 2004 17:20
To: [EMAIL PROTECTED]
Subject: Re: Firewall opinions wanted please
_Everyone_ (network connected) should have a firewall. My grandma
should
have a firewall. Nicole, holding dominion
Not _firewalling_, but access limitation. Grandma can live with PNAT
router - she do not need any firewall, if she do not grant external access
to anything. She can live with Windows _default deny_ setting. If grandma
have extra money, it is better to purchase anty-virus.
Moreover. Just for
Rachael Treu wrote:
_Everyone_ (network connected) should have a firewall. My grandma should
have a firewall. Nicole, holding dominion over this business network and
its critical infrastructure, should _definitely_ have a firewall. ;)
No, the applications should accept only authorized
Guys...firewall is as generic a term as any. Saying grandma needs a
router does not mean that an M20 is interchangeable with her Linksys.
The definition of firewall[1]:
1. A fireproof wall used as a barrier to prevent the spread of fire.
2. Computer Science. Any of a number of security
.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Eric Gauthier
Sent: 17 March 2004 17:20
To: [EMAIL PROTECTED]
Subject: Re: Firewall opinions wanted please
_Everyone_ (network connected) should have a firewall. My grandma
should
have a firewall
On Wed, 2004-03-17 at 21:02, Petri Helenius wrote:
No, the applications should accept only authorized connections. If that
would be the case, there would be no need to filter at packet level.
No, since this would be assuming that each application is perfect and
there's no such thing as buffer
On Wed, Mar 17, 2004 at 12:19:53PM -0500, Eric Gauthier said something to the effect
of:
_Everyone_ (network connected) should have a firewall. My grandma should
have a firewall. Nicole, holding dominion over this business network and
its critical infrastructure, should
In message [EMAIL PROTECTED], Petri Helenius writes:
No, the applications should accept only authorized connections. If that
would be the case, there would be no need to filter at packet level.
No. Quite apart from the fact that you mean authorized, not
authenticated, the primary purpose
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Erik Haagsman wrote:
| On Wed, 2004-03-17 at 21:02, Petri Helenius wrote:
|
|No, the applications should accept only authorized connections. If that
|would be the case, there would be no need to filter at packet level.
|
|
| No, since this would be
On Wed, 2004-03-17 at 21:44, Bruce Pinsky wrote:
Everything I've ever read about security (network or otherwise) suggests
that a layered approach increases effectiveness. I certainly don't trust a
firewall appliance as my only security device, so I also do prudent things
like disable ports
On Wed, Mar 17, 2004 at 09:48:30AM -0800, Kevin Oberman said something to the effect
of:
..snip snip..
I dislike firewalls for many applications, although I have a Sonic Wall
on my cable modem. On the whole, they lead to false belief that
firewalls really make you safe. They also block many
the primary purpose of a firewall is to keep the bad
guys away from the buggy code. Firewalls are the networks' response to
the host security problem.
a pretty good sound bite. :)
Add to that that you don't really know what's
safe or unsafe, and that you have some services that
On Wed, Mar 17, 2004 at 03:01:50PM -0800, bill said something to the effect of:
the primary purpose of a firewall is to keep the bad
guys away from the buggy code. Firewalls are the networks' response to
the host security problem.
a pretty good sound bite. :)
Add to that
In message [EMAIL PROTECTED], bill writes:
the primary purpose of a firewall is to keep the bad
guys away from the buggy code. Firewalls are the networks' response to
the host security problem.
a pretty good sound bite. :)
Thanks -- I've been using that line for about 10 years, and
No. Quite apart from the fact that you mean authorized, not
authenticated, the primary purpose of a firewall is to keep the bad
guys away from the buggy code. Firewalls are the networks' response to
the host security problem.
No. let's imagine, that I have 4 hosts, without ANY security
And I think you have hit it right on the head...another line of defense.
Everything I've ever read about security (network or otherwise) suggests
that a layered approach increases effectiveness. I certainly don't trust
a
firewall appliance as my only security device, so I also do prudent
PIX firewalls are great if you configure them correctly for the application. 40 or
less servers may not require something as complex, however if the data you are
protecting is super-critical, I think a PIX might be your best solution.
Proxy firewalls (i.e. Linux, BSD or variant gateways) are
As much as I hate to follow up my own post, I suppose I was a bit too vauge
for my own good =]
We do not run any cisco gear and we are in a Class A data facility.
By proxy I did not mean to imply NAT. I cannot remember the proper term but
what I mean is full packet handeling as opposed to
Depends on many aspects; performance, management, and logging
features. I personally recommend Checkpoint FW-1 Express for a smaller
site if you want easy configuration and a great logging interface;
though the pricing may not be what you are looking for. Cisco PIX is
also great but the
Sonicwall makes a great product that can run in STANDARD (Proxy) mode.
Their prices are pretty good as well, espicially if you buy them
through a reseller. We deploy many of these firewalls every year and
they are great!
Thanks,
Brandon
On Tue, 16 Mar 2004 15:07:26 -0800 (PST)
Nicole
On Tue, 16 Mar 2004 14:27:16 PST, Nicole [EMAIL PROTECTED] said:
From what I have heard a proxy firewall would be best?
I'll go out on a limb here and say that the actual make and model of the
firewall don't matter anywhere *near* as much as a proper understanding on the
client's part of
In message [EMAIL PROTECTED], Valdis.Kletni
[EMAIL PROTECTED] writes:
--==_Exmh_2134986584P
Content-Type: text/plain; charset=us-ascii
On Tue, 16 Mar 2004 14:27:16 PST, Nicole [EMAIL PROTECTED] said:
From what I have heard a proxy firewall would be best?
I'll go out on a limb here and say
You mean _PROTOCL HANDELING_, I believe.
I do not know, why people are paying so much attention to it. Important
questions are:
- which services are you providing for the public?
- who will handle all your SSL sessions, if any (may be, Load Balancers?
Then you do not bother about FW proxy for
34 matches
Mail list logo