Mouss,
Okay, I'll stop bickering about your choice of words.
I wouldn't have chosen "perfect" myself, for all that the
word implies, but I agree with your definition of "the
best that we can do for now"; keep the actual traffic
controlling part of the firewall system as tight as
possible. Let it do what it does best: drop and allow
traffic based on a rule list, and do this as securely
as possible. I'm neither a big fan of huge clunky
firewalls with millions of lines of code. The increased
risk of remote firewall compromise is too great compared
to the perceived increase in security gained through
complex traffic analysis.
(And this opens up a whole different can of worms :)
Regards,
Mikael Olsson
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 �RNSK�LDSVIK
Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/ E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
