Merton Campbell Crockett wrote:
>
> The following are the three basic types of firewall and what are often given
> as examples of the class.
>
> Packet Filter Cisco IOS
> Application Proxy Gauntlet
> Stateful Inspection Firewall-1
Kind of wondering if IOS is still a good example of basic packet
filtering. The new filters maintain connection state. This means no more
leaving open >1023 est and being susceptible to FIN/RST scans. It also
mean you can control UDP flow properly.
I would also argue that dynamic packet filtering is 97% as effective as
Stateful Inspection as most protocols are not "inspected", just
dynamically filtered.
Comments?
Cheers,
Chris
--
**************************************
[EMAIL PROTECTED]
* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
