Great Circle Associates Firewalls
(October 1995)
 


Subject: Re: Firewall1 Comparison
From: Alan Hannan <alan @ mid . net>
Date: Fri, 13 Oct 1995 10:38:32 -0500 (CDT)
To: avolio @ TIS . COM (Frederick M Avolio)
Cc: firewalls @ GreatCircle . COM
In-reply-to: <9510131312 . AA03024 @ tis . com> from "Frederick M Avolio" at Oct 13, 95 09:12:54 am

.........  Frederick M Avolio is rumored to have said:
] 
] >>Application gateways are more secure.
] >
] >This statement is perhaps too strong.
] 
] Indeed, I am being dogmatic, in my loveable way. :-)

  Indeed, though we may argue on adverbs.

  IMHO saying Application Gateways are more secure is a very true
  statement.  How about this one?  "Adding more services makes one
  more likely to have security problems", or "A policy of that which
  is not allowed is denied is more secure than a policy of that which
  is not disallowed is allowed."

  While I can find a secure firewall that has more services
  than an insecure one, in _general_ the rule is true.  Likewise, a
  firewall with 'not allowed denied' is not necessarily more secure
  than a firewall with 'not denied allowed'.

  My point: dealing with the packet in and of itself, as opposed to
  based upon the mac/tcp/ip/udp headers, is significantly more
  secure, generally speaking.
-- 
Alan Hannan        http://www.mid.net/~alan     402/472-0239
Network Systems/Security Administrator          MIDnet, Inc.
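
The two contrasts drawn in the message above (a 'not allowed denied' policy against a 'not denied allowed' one, and header-based filtering against looking at the packet itself), as an added example that is not part of the original post. The rule sets, the SMTP verb list, the function names and the sample traffic are all constructed assumptions.

```python
# Added illustration. Rule sets, verb list and sample traffic are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str       # header field
    dst_port: int    # header field
    payload: bytes   # what an application gateway actually reads

ALLOWED = {("tcp", 25), ("tcp", 80)}   # list for "not allowed is denied"
DENIED = {("tcp", 23), ("udp", 69)}    # list for "not disallowed is allowed"
# Command-phase SMTP verbs the hypothetical gateway relays (message bodies not modelled).
SMTP_VERBS = {b"HELO", b"EHLO", b"MAIL", b"RCPT", b"RSET", b"NOOP", b"QUIT"}

def default_deny(pkt: Packet) -> bool:
    """Header-only filter: pass only services explicitly listed."""
    return (pkt.proto, pkt.dst_port) in ALLOWED

def default_allow(pkt: Packet) -> bool:
    """Header-only filter: pass everything not explicitly listed."""
    return (pkt.proto, pkt.dst_port) not in DENIED

def smtp_gateway(pkt: Packet) -> bool:
    """Application gateway for port 25: headers must match and every
    line of the payload must begin with a verb on the relay list."""
    if (pkt.proto, pkt.dst_port) != ("tcp", 25):
        return False  # this gateway proxies one service and nothing else
    lines = [l for l in pkt.payload.split(b"\r\n") if l]
    return bool(lines) and all(
        l.split(b" ", 1)[0].upper() in SMTP_VERBS for l in lines)

def verdicts(pkt: Packet) -> dict:
    return {"default_deny": default_deny(pkt),
            "default_allow": default_allow(pkt),
            "smtp_gateway": smtp_gateway(pkt)}

SAMPLES = {
    "smtp dialogue": Packet("tcp", 25, b"HELO mx.example.org\r\nMAIL FROM:<a@example.org>\r\n"),
    "non-SMTP bytes on 25": Packet("tcp", 25, b"\x00\x01\x02 not a mail command"),
    "unlisted service": Packet("udp", 2049, b""),
    "listed-as-denied service": Packet("tcp", 23, b"login"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:26} {verdicts(pkt)}")
```

Both header-only filters pass the second sample because its port is acceptable; only the gateway, which reads the payload, refuses it. The third sample shows the policy difference: a service on neither list is dropped under default-deny and passed under default-allow.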

