[4865] in WWW Security List Archive
Re: Packet Filters or Proxy Firewalls?
daemon@ATHENA.MIT.EDU (Chad Schieken)
Fri Mar 21 09:33:38 1997
To: www-security@ns2.rutgers.edu
In-reply-to: Your message of "Thu, 20 Mar 1997 21:42:08 EST."
<199703210242.VAA07698@raptor.research.att.com>
Date: Fri, 21 Mar 1997 07:44:40 -0500
From: Chad Schieken <cschieke@advsys.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Do you mean packet filters, or packet filters only?
Packet filtering along with application gateways go along way to protecting a
network.
To do the packet filtering one interesting box I just started playing with is
Sun "sunscreen" or SPF. It's cool because, it is not on the NETWORK!! thus you
can't attack it remotely. You must have physical access. Yeah I know physical
access is usally the weakest link.
But becuase it act's like an ethernet hub (that filters), you can use the same
box to protect bothsides of your firewall. Ie protect your DMZ from the
Internet, by allowing on the inbound and outbound services you choose. And
protect internal from the DMZ by doing the same thing.
> I would generally recommend avoiding packet filters.
>
>
> --Steve Bellovin
>
