"Anders Arnholm" <Anders+news@Arnholm.nu> wrote in message
news:slrne2fal2.d5b.Anders+news@tika.arnholm.se...
> Duane Arnold <NotME@NotME.com> writes:
>>> Personally think the more common short version is better :-)
>> Personally I think the one I am presenting is better. So there you go tic
>> for tac I guess.
>
> That's one of the problems with a non-defined vocabulary. The problem
> with your long definition (that has a list of good things to have in a
> firewall) is that it leaves open for real firewalls and other
> something without name, e.g. maybe bad firewalls.
We can go around and around on it. You got your opinion and I have my
opinion and we'll leave it at that.
>
>>> No but it has to be included in the demands on the FW.
>> It's not the job of the gateway FW solution to be some kind of security
>> solution for workstations or servers behind the solution other than
>
> I think that when designing firewall solutions one has to take what
> machines and what security solutions they use into consideration. A
> firewall for a network with one OpenBSD webserver (properly closed
> down with competent admins) needs less consideration than a firewall
> for a mixed company with different, maybe not competent, persons
> running services on their laptops.
You left out desktops and what you say on the two situations is a given.
>
> In the first situation something that cleans out spoofing might be all
> needed to be done. All network traffic except spoofed traffic may
> flow. In the second situation more work has to be added to the
> design.
>
In the second situation, if the machines are networking, the host based
packet filter FW is buying them nothing, unless the solution has some kind
of IDS implemented in it that creates/controls packet filtering rules for
the packet filter or host based FW solution.
Duane :)
Received on Mon May 1 01:03:07 2006