North American Network Operators Group
Re: Firewall opinions wanted please
- From: bill
- Date: Wed Mar 17 18:06:11 2004
> "the primary purpose of a firewall is to keep the bad
> guys away from the buggy code. Firewalls are the networks' response to
> the host security problem."
a pretty good sound bite. :)
> Add to that that you don't really know what's
> safe or unsafe, and that you have some services that are convenient for
> insiders but don't have adequate, scalable authentication on which you
> can build an authorization mechanism, and you see why firewalls are
> Perfect? No, of course not. A good idea? Absolutely.
Who is configuring the "firewall"? What are its capabilities?
How easy will it be to deploy new services? I, as an end user,
am abdicating most of my responsibility to or it is being hijacked
by one or more network service providers. Ken is right.
Firewalls, in general, seem to be a great place for blackhats
to focus on. DoS is trivial, the degenerate case is encaps
of everything into stuff that passes through the firewall
(IP over port 80), and then we've just pushed the problem
elsewhere, adding more complexity to the system for little
if any improvement in the overall integrity. Sounds like
the result is a system that is more fragile.
> --Steve Bellovin, http://www.research.att.com/~smb
Noting that the nanog thread of the day has changed, but
not n'cessly for the better. :)