-----BEGIN PGP SIGNED MESSAGE-----
"Keith" == Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> writes:
Keith> OTOH, the network cannot expect hosts to protect it; it must
Keith> protect itself. that's why I say that the primary purpose of
Keith> firewalls is to protect the network. if the firewall can also
Keith> provide security in depth for hosts, that's useful, but that's
Keith> just a backup - there's no way to have confidence in the
Keith> security of a host that relies on firewalls as its primary means of
Keith> protection.
As former lead developer at an early firewall company, who made lots of
money selling firewalls before the age of the LookOut-Virus, I concur with
Keith.
Firewalls are about *belt and suspenders*
They can provide auditing functions as well (and I still think that
this is the main argument for them), but firewall vendors have screwed that
up so badly, that this is now better done by dedicated IDS.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr(_at_)sandelman(_dot_)ottawa(_dot_)on(_dot_)ca
http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBPvTOboqHRg3pndX9AQGFgAQA1m1XL2TgV/9FX8GPLvzZe7Wr8qW1fsF5
GDsNcXTTlZDu0f7l4Ov/fXDzyRhWzLyo0J1Im2SVJ1Bf40JtRp2SqMYbbtS9IO8a
YHc6S6vjSE0UQpXwbfsFWSmqYXO2FBVQ1DCTfeelkF9vZv0eJTRxh6i3Z8hCCLaq
RgP+FILHAxc=
=1VN1
-----END PGP SIGNATURE-----