[121276] in North American Network Operators' Group
Re: I don't need no stinking firewall!
daemon@ATHENA.MIT.EDU (Joe Maimon)
Thu Jan 14 12:13:53 2010
Date: Thu, 14 Jan 2010 12:13:07 -0500
From: Joe Maimon <jmaimon@ttec.com>
To: "Dobbins, Roland" <rdobbins@arbor.net>
In-Reply-To: <A346098D-7931-441E-B7C3-A66180BA741F@arbor.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Dobbins, Roland wrote:
>
> On Jan 10, 2010, at 1:22 PM, harbor235 wrote:
>
>> Again, a firewall has its place just like any other device in the network, defense in
>> depth is a prudent philosophy to reduce the chances of compromise, it does not
>> eliminate it nor does any architecture you can think of, period
>
> What a ridiculous statement - of course it does.
>
> *The place of the stateful firewall is in front of clients, not servers*.
>
Servers can also be clients who can benefit from state tracking.
The best answer I have to that scenario is to make the client path
different than the server path.
Joe