......... Frederick M Avolio is rumored to have said:
] >>Application gateways are more secure.
] >This statement is perhaps too strong.
] Indeed, I am being dogmatic, in my loveable way. :-)
Indeed, though we may argue on adverbs.
IMHO saying Application Gateways are more secure is a very true
statement. How about this one? "Adding more services makes one
more likely to have security problems", or "A policy of that which
is not allowed is denied is more secure than a policy of that which
is not disallowed is allowed."
While I can find a secure firewall that has more more services
than an insecure one in _general_ the rule is true. Likewise, a
firewall with 'not allowed denied' is not necessarily more secure
than a firewall with 'not denied allowed'.
My point, dealing with the packet in and of itself, as opposed to
based upon the mac/tcp/ip/udp headers is significantly more
secure, generally speaking.
Alan Hannan http://www.mid.net/~alan 402/472-0239
Network Systems/Security Administrator MIDnet, Inc.