Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Firewall opinions wanted please

  • From: Rachael Treu
  • Date: Wed Mar 17 15:36:14 2004

On Wed, Mar 17, 2004 at 12:19:53PM -0500, Eric Gauthier said something to the effect of:
> > > _Everyone_ (network connected) should have a firewall.  My grandma should 
> > > have a firewall.  Nicole, holding dominion over this business network and 
> > > its critical infrastructure, should _definitely_ have a firewall.  ;)
> By "firewall", do you mean "dedicated unit that does statefull filtering"


> or just "something that will block packets"?  We've successfully argued
> to just about every group here at our University who came to us asking for a 
> "firewall" that, given what they wanted to achieve, they could accomplish the 
> same thing with simple ACLs...  

1. A fireproof wall used as a barrier to prevent the spread of fire. 
2. Computer Science. Any of a number of security schemes that prevent unauthorized users from gaining access to a computer network or that monitor transfers of information to and from the network. 
> I'm sure that the cost of the ACL's (i.e. $0.00) versus the cost of a firewall 
> also helped them in their decision...

This is just a semantic issue.  I am putting any packet-level inspection
engine deployed as an access control means into the category of "firewall."
The confusion here would be akin to my retorting with "how on earth are 
deploying lists of system object access rights going to protect a network
edge?"  ;)  ACL has alternate meanings, as well[1].

A sample of what some vendors call some things:

Cisco: router packet-level access control = ACL
Microsoft: OS object permissioning schema = ACL
Linksys: router packet-level access control = firewall
Juniper: router packet-level access control = firewall filter



k. rachael treu, CISSP
..quis costodiet ipsos custodes?..

> Eric :)

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.