Re: to PFW or not to PFW

From: Nicholas DePetrillo <nick_usenet@oshean.org>
Date: Tue Jan 31 2006 - 18:27:09 CET

On Tue, 31 Jan 2006 17:05:05 +0000, JIP wrote:

> Greetings
>
> As a non-techie I am confused. Whilst lurking in this and related groups I
> see a debate that goes on as to whether there is any point in using PFWs, in
> particular to monitor outgoing traffic. Some say it's essential (as do most
> magazines, and of course all companies marketing such products) and others
> say that they are so easily circumvented that it's a waste of time - and if
> I understand correctly, some even say that they actually open up further
> vulnerabilities.
>
> So, what may be a naive question - is there any point in using a PFW to at
> least stop badly written nasties from kiddy vandals who haven't learned yet
> how to do it properly?
>
> Byee

I hope I understood your post right; here is my best answer.

You can never have a 100% effective firewall/filter, you can only do risk
mitigation. The more risk mitigation the safer you are. If that means
putting layers of security between you and the rest of the world that's
fine. One of those layers might as well be a PFW/Packet filter.

Of course there is always a risk with *any* in-line device that it could
be exploited by sending a particular packet through it. This has happened
in the past. I remember it happened with Snort and something similar
happened to the BSD PFW (IPFW) http://secunia.com/advisories/18378/.

Hope my reply counts for something.

-- 
Nick DePetrillo
Network Security Engineer
OSHEAN
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x121245B5
Received on Tue Feb 7 20:58:31 2006
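The reply treats a PFW's outbound (egress) filter as one risk-mitigation layer among several. The following is an added example, not code from the post or from any firewall product: a toy model of a default-deny egress policy, where only known (program, destination port) pairs may open outbound connections and everything else is denied and logged. The program names, ports and connection events are all constructed for the illustration.

```python
"""Toy egress (outbound) packet-filter policy, modelling what a PFW does.

Added example, not from the original post. It is a simulation, not a real
filter; the program names, ports and events below are constructed.
"""
from dataclasses import dataclass

# Allowlist of (program, destination port) pairs permitted to initiate
# outbound connections. Anything not listed is denied and logged, which is
# the default-deny egress posture a PFW is meant to provide.
EGRESS_ALLOW = {
    ("firefox.exe", 80),
    ("firefox.exe", 443),
    ("thunderbird.exe", 587),
    ("thunderbird.exe", 993),
}


@dataclass(frozen=True)
class Outbound:
    """One outbound connection attempt as the filter would see it."""
    program: str
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


def evaluate(event):
    """Return 'allow' or 'deny' for a single outbound connection attempt."""
    if (event.program, event.dst_port) in EGRESS_ALLOW:
        return "allow"
    return "deny"


def filter_events(events):
    """Apply the policy to a sequence of events.

    Returns (allowed_events, deny_log): the events that passed and one log
    line per denied attempt, so the user can see what tried to get out.
    """
    allowed, log = [], []
    for ev in events:
        if evaluate(ev) == "allow":
            allowed.append(ev)
        else:
            log.append(f"DENY {ev.proto} {ev.program} -> {ev.dst_ip}:{ev.dst_port}")
    return allowed, log


# Constructed sample events: ordinary browsing and mail, plus two programs
# that are not on the allowlist and therefore get blocked and logged.
SAMPLE_EVENTS = [
    Outbound("firefox.exe", "203.0.113.10", 443),
    Outbound("thunderbird.exe", "203.0.113.20", 993),
    Outbound("unknown.exe", "198.51.100.5", 6667),   # unlisted program, unusual port
    Outbound("updater.exe", "198.51.100.9", 80),      # common port, but program unlisted
]

if __name__ == "__main__":
    passed, denied = filter_events(SAMPLE_EVENTS)
    print(f"{len(passed)} allowed, {len(denied)} denied")
    for line in denied:
        print(line)
```

The model keys only on program name and destination port, so it distinguishes programs, not the content an allowed program sends; that scope is exactly why the post frames a PFW as one layer of risk mitigation rather than a complete control.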