North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Firewall opinions wanted please
> > No. Quite apart from the fact that you mean "authorized", not > "authenticated", the primary purpose of a firewall is to keep the bad > guys away from the buggy code. Firewalls are the networks' response to > the host security problem. No. let's imagine, that I have 4 hosts, without ANY security problems in software, and I'd like to provide WEB service. Firewall protects other services from outside access. Without it, you can slogin to me, if you know my password, even if host have not any bugs. (Of course, SecureID, hand scan etc... decreases a need for this.) Second. Not ANY network require FireWall. If network (grandma) do not allow any ACCESS fron Internet (grandma's netword do not allow access because it does not expose any IP device to outside network, using NAT for outgoing connections), it can live withourt any ACl and any firewall attributes - and be as secure as production network with expansive firewall(s). Key word is _ACCESS_. No ACCESS - no FireWall (cut wires). One Way Access - many different devices plays role of firewall (PNAT translator, for example, makes 99.9% of the work). More ACCESS required - mode COMPLICATED firewalls are required. So, key word is not PROTECTION but ACCESS.