Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Re: Firewall opinions wanted please

  • From: bill
  • Date: Wed Mar 17 18:06:11 2004

> "the primary purpose of a firewall is to keep the bad 
> guys away from the buggy code.  Firewalls are the networks' response to 
> the host security problem."

	a pretty good sound bite. :)

> Add to that that you don't really know what's 
> safe or unsafe, and that you have some services that are convenient for 
> insiders but don't have adequate, scalable authentication on which you 
> can build an authorization mechanism, and you see why firewalls are 
> useful.
> Perfect?   No, of course not.  A good idea?  Absolutely.  

	Er... perhaps.

	Who is configuring the "firewall"? What are its capabilities?
	How easy will it be to deploy new services?  I, as an enduser,
	am abdicating most of my responsibility to or it is being hijacked
	by one or more network service providers.   Ken is right.

	Firewalls, in general, seem to be a great place for blackhats
	to focus on.  DoS is trivial, the degenerate case is encaps
	of everything into stuff that passes through the firewall
	(IP over port 80), and then we've just pushed the problem
	elsewhere, adding more complexity to the system for little
	if any improvement in the overall integrity.  Sounds like
	the result is a system that is more fragile. 

> 		--Steve Bellovin,

--bill (cynic)

	Noting that the nanog thread of the day has changed, but 
	not n'cessly for the better. :)
