Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Re: Firewall opinions wanted please

  • From: Bruce Pinsky
  • Date: Wed Mar 17 15:47:11 2004

Erik Haagsman wrote:

| On Wed, 2004-03-17 at 21:02, Petri Helenius wrote:
|>No, the applications should accept only authorized connections. If that
|>would be the case, there would be no need to filter at packet level.
| No, since this would be assuming that each application is perfect and
| there's no such thing as buffer overflows and other software bugs
| (including those in authentication routines). A firewall is an extra
| line of defence in preventing malicious packets from reaching the
| destination app and the more people have one the better (although I'm
| not sure whether grandma would be too bothered)
| It's not bulletproof (and could potentially contain a bug itself) but it
| provides additional security, regardless of authentication of
| connections.

And I think you have hit it right on the head...another line of defense.
Everything I've ever read about security (network or otherwise) suggests
that a layered approach increases effectiveness.  I certainly don't trust a
firewall appliance as my only security device, so I also do prudent things
like disable ports and applications that are not in use on my network and
enforce authentication and authorization for access to legitimate services.
