North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Firewall opinions wanted please
- From: Steven M. Bellovin
- Date: Tue Mar 16 22:36:43 2004
In message <200403170238.i2H2caAA006011@turing-police.cc.vt.edu>, Valdis.Kletni
>Content-Type: text/plain; charset=us-ascii
>On Tue, 16 Mar 2004 14:27:16 PST, Nicole <email@example.com> said:
>> From what I have heard a proxy firewall would be best?
>I'll go out on a limb here and say that the actual make and model of the
>firewall don't matter anywhere *near* as much as a proper understanding on the
>client's part of what a firewall can and can't do.
You're not going out on a limb; you're absolutely right, and I've been
saying that for years. I'll quote myself:
Although firewalls are a useful part of a network security
program, they are not a panacea. When managed properly, they
are useful, but they will not do everything. If
firewalls are used improperly, the only thing they buy you
is a false sense of security.
Beyond that, different security policies have a much greater impact
than different brands or types of firewalls.
--Steve Bellovin, http://www.research.att.com/~smb