Wednesday, July 29, 2009

firewall-wizards Digest, Vol 39, Issue 9

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Firewall rules order and performance (Jean-Denis Gorin)
2. Re: Firewall rules order and performance (Eric Gearhart)


----------------------------------------------------------------------

Message: 1
Date: Mon, 27 Jul 2009 10:21:25 +0200
From: Jean-Denis Gorin <jdgorin@computer.org>
Subject: Re: [fw-wiz] Firewall rules order and performance
To: mjr@ranum.com, Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <1248682885.4a6d63855b6ae@imp.free.fr>
Content-Type: text/plain; charset=ISO-8859-1

Selon "Marcus J. Ranum" <mjr@ranum.com>:
>
> It always seemed to me that a lot of the "system design"
> of firewalls was "let's put our head between our knees and
> hope Moore's law or marketing takes care of it for us."

You should mean "system design of software", not only of firewalls (or whatever
kind of security software...), and "let's put our head between our knees and
hope Moore's law or marketing takes care of it for us. Else, we will deliver
some patches." :-(

And more than 10 years of that state of mind for software engineering resulted
in having patches as the ultimate solution for all problems!
Who remembers that firewalls (as application gateways) were designed to solve (or
to ease a lot) the patch management problem?
Now, we are back to patch management as the solution for all problems because
dumb people (managers, marketers, buyers, system admins, network admins,
developers, or whatever fits your situation) are unable (or unwilling) to
understand what a firewall is, and what it is for...

JDG


------------------------------

Message: 2
Date: Tue, 28 Jul 2009 14:06:24 -0700
From: Eric Gearhart <eric@nixwizard.net>
Subject: Re: [fw-wiz] Firewall rules order and performance
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<5792267e0907281406w5e703744rfcdd41e38a9cc0e4@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On Mon, Jul 27, 2009 at 1:21 AM, Jean-Denis Gorin<jdgorin@computer.org> wrote:
> Who remembers that firewalls (as application gateways) were designed to solve (or
> to ease a lot) the patch management problem?
> Now, we are back to patch management as the solution for all problems because
> dumb people (managers, marketers, buyers, system admins, network admins,
> developers, or whatever fits your situation) are unable (or unwilling) to
> understand what a firewall is, and what it is for...

Part of the problem with your argument is that in order for e.g. a web
server to be reached, port 80 (and maybe port 443) has to be allowed
through the firewall. That fact alone means that the web servers have
to be patched, because as long as the firewall is allowing legitimate
traffic through, it could also be allowing malicious traffic
through...

--
Eric
http://nixwizard.net


------------------------------



End of firewall-wizards Digest, Vol 39, Issue 9
***********************************************