Rick Murphy wrote:
>
> Actually, proxy firewall vendors consider this a plus - if someone attempts
> a network stack crash DOS on your network and the firewall crashes, nothing
> gets through. That's a good thing.

True, but what about this aspect:
If your business is based on being connected, you have a big problem if
your firewall keeps going belly-up.

DoS attacks are just that: Denial of Service attacks. DoS your firewall
and everything is screwed. DoS some of your vulnerable, public servers
and not everything is screwed. Some of the servers may NOT be vulnerable,
and your clients will still be able to connect to the Internet.

DoS attacks don't lead to compromised servers, so it can't be argued
that "failing closed" buys you better protection against intrusion.

> All you've got to do is fix that one
> machine's stack and the DOS goes away.

All you've got to do with a filtering firewall is implement the correct
filter (or wait for a fix) and you get the vulnerable servers back up.

I know which one I prefer :-)
/Mike
--
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]