At 11:37 PM 9/10/97 +0700, Doy wrote:
>
>Or is this just a bad joke.
>
No, damn it -- it's not a bad joke. ;-)
Packet filtering can be quite sufficient, given the
fact that the 'implementors' have done the proper risk
assessment and understand what the hell they are trying
to accomplish in the first place. Packet filtering is
nothing more than a twist on access control. Application
level gateways (ALG's) are generally tailored for brain-
damaged application layer implementations that cannot be
controlled through these traditional methods.
Now, having said that, I should also be forthright in
saying that there are clearly reasons and situations
where these different approaches are appropriate, and
unto themselves, are no less effective than one another,
given the gratuitous application of this methodology.
I'm not here to sell you routers, since we also manufacture
firewall products -- I just think for a living. Sometimes
I think that it places me, by default, in the education
community -- the delivery end. ;-)
- paul
--
Paul Ferguson || ||
Consulting Engineering || ||
Herndon, Virginia USA |||| ||||
tel: +1.703.397.5938 ..:||||||:..:||||||:..
e-mail: ferguson @ cisco . com       c i s c o S y s t e m s