
Re: primary purpose of firewalls

2003-06-21 17:38:09


On Fri, 20 Jun 2003, Keith Moore wrote:

> still, pretending that a firewall can make up for a lack of security on the
> host (ANY host) or in the apps is simply unrealistic, no matter who wrote the
> host OS.

That statement is simply not true. Policies that reject inbound
connections to all computers except those carefully hardened and
sequestered in their own 'DMZ' will dramatically reduce the potential of
compromise from many risky applications ranging from TELNET on Solaris to
SMB on Windows.

More sophisticated firewalls examine data flow for viruses, and other
problematic code.

Securing networks and hosts requires a whole quiver of arrows. A competent
firewall is a significant set of arrows but can't solve the whole problem.
But it will make up for many security flaws in the hosts and/or
applications. Potential problems can be reduced to almost 0 if careful
users avoid risky behaviors and live behind a solid firewall.

Sure, there will be things they can't do, but there is a wealth of things
they can safely do thanks to the Internet accessed thru a firewall.

Dave Morris