home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.protocols.tcp-ip
- Path: sparky!uunet!haven.umd.edu!decuac!hussar.dco.dec.com!mjr
- From: mjr@hussar.dco.dec.com (Marcus J. "will do TCP/IP for food" Ranum)
- Subject: Re: Firewall usage (was: Re: ping works, but ftp/telnet get "no route)
- Message-ID: <1992Jul24.045228.11119@decuac.dec.com>
- Sender: news@decuac.dec.com (USENET News System)
- Nntp-Posting-Host: hussar.dco.dec.com
- Organization: Digital Equipment Corporation, Washington ULTRIX Resource Center
- References: <BrruC8.FEo@spock.dis.cccd.edu> <BrsM1C.36v@cs.columbia.edu> <1992Jul23.142026.20112@sci34hub.sci.com>
- Date: Fri, 24 Jul 1992 04:52:28 GMT
- Lines: 19
-
- >Use of a firewall doesn't indicate
- >laziness on the part of a site; it most probably means that the persons
- >responsible for the Internet connection and security of the sites' net are
- >either too understaffed to maintain all the hosts on their site, or they
- >don't have control over all the hosts, and are therefore not able to make
- >them secure.
-
- It also can mean that the site cares about security. There are
- loads of sites on the net that run NIS... A firewall helps. Having a
- firewall changes your problem domain. Basically, once you are firewalled,
- you presumably *still* have some security - but the firewall acts a
- multi-part role as:
- a) shield - making things harder is always better.
- b) fly-paper - detect intrusion attempts, and you *bet* I do.
- c) a logger - it is hard to get through any decent firewall
- without leaving a logged trace. note the phraseology
- here - many firewalls are not what I would call "decent".
-
- mjr.
-