Firewall Article

[Scheizekopf]

I just read this article on Firewall appliances. I found it pretty interested and written well. Thought others would feel the same.

http://loop.interop.com/comments.php?id=226_0_1_0_C

 

[BobSutan]

That entire article was rather "meh" if you ask me. No offense, but besides a page of rhetoric (which amounted to common-sense to those of us in the field anyway), what was the author's point? The whole thing read like a memo trying to convince PHBs to upgrade their firewall to the new wiz-bang offering from Widgets, Inc.

Something that should be noted is that as firewalls seem to be looked at like they're the best thing since sliced bread and should be able to do everything to protect the network. While this may traditionally be the case at the perimeter (which is usually a packet filtering function), dumping your AV, URL filter, proxy server, and kitchen sink into one "firewall appliance" doesn't exactly sit well with those of us who don't like single points of failure. Merging security services in some regards make sense and sometimes has the benefit of a synergistic affect, but to put all your eggs in one basket is irresponsible at best, regardless of whether or not there are devices out there that allow you to do it. Bottom line: I feel that security engineers need to exercise restraint when these products are waved in their face. One must take careful consideration of whether or not to use an all-in-one device like the 3G firewalls the author speaks of due to the inherent reliablity liablity they present to network services should they ever fail, or be disrupted in some manner. And remember, in the real world failure is not a matter of if, but of when.

 

[Scheizekopf]

Damn. Feels like I got shot down. Sorry for posting.

 

[BobSutan]

Nah, don't feel that way. Its a good read for those still getting into IA.

 

[Darthkim]

Like BobSutan said, its somewhat weak-ass. But its ok from a high-level point of view. No sweat. We all start at some point no? The great articles we read 3 years ago, read like babybooks today. No Bigge. That means your learning.

If you really want to get into firewalls, go read this

Building Internet Firewalls.
http://www.oreilly.com/catalog/fire2/index.html.

The basic concepts are solid, some of the things are a bit outdated. But its a solid reference and talks in depth about some designs.

Also there are plenty of free security magazines that are decent. Subscribe to them to get a better feel of the industry and the products that are out there.

Hope this helps. Carry on!