[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Automagically creating rules
From:       Feico Dillema <feico () pasta ! cs ! uit ! no>
Date:       2002-12-14 18:49:21
[Download RAW message or body]

On Fri, Dec 13, 2002 at 12:04:01PM -0500, Jefferson Ogata wrote:
> Feico Dillema wrote:
> >On Fri, Dec 13, 2002 at 11:10:39AM -0500, Jefferson Ogata wrote:
> 
> IMHO there are two scenarios where a firewall can be really effective:
Agree with you and won't argue with you on that, but there are other
scenarios where a firewall can be somewhat effective. Maybe not
achieve the same goals, but give some protection.

> Once you start mixing these scenarios -- exposing services on insecure 
> intranets -- you've lost the majority of the benefit of either 
> configuration. You just need one bozo with an incorrectly configured proxy 
> server, and the whole intranet with all its glorious vulnerabilities is 
> completely exposed.
Sure, but sometimes that is not the problem that one wants to solve.

Feico.
[prev in list] [next in list] [prev in thread] [next in thread]