[121118] in North American Network Operators' Group
RE: I don't need no stinking firewall!
daemon@ATHENA.MIT.EDU (George Bonser)
Sun Jan 10 20:40:59 2010
Date: Sun, 10 Jan 2010 17:40:01 -0800
In-Reply-To: <C76FB8CF.E618B%mksmith@adhost.com>
From: "George Bonser" <gbonser@seven.com>
To: "NANOG list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> I certainly understand and agree with your position, in most cases,
but
> there are some instances when a firewall serves an excellent purpose.
> As an
> example, we manage hundreds of heterogeneous servers where customers
> also
> have administrative access to the devices. As such, we can never be
> sure
> they haven't changed something that can negatively impact the security
> of
> the server or servers.
Firewalls do have a purpose and I don't think anyone disputes that. I
certainly have firewalls in my network. What I believe the argument
here is about is which kinds of traffic does one use a firewall for and
which kinds of traffic are best left to other devices to handle access
control/management.
And I don't believe anyone is necessarily advocating exposing individual
servers directly to the internet either. There are other devices that
can handle isolation of the servers and protect them against such things
as syn floods.
