[171143] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Requirements for IPv6 Firewalls

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Fri Apr 18 22:14:28 2014

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Sat, 19 Apr 2014 02:10:45 +0000
In-Reply-To: <5351D9B3.2030902@utc.edu>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Apr 19, 2014, at 9:04 AM, Jeff Kell <jeff-kell@utc.edu> wrote:

> It's how we provide access control.

Firewalls <> 'access control'.

Firewalls are one (generally, very poor and grossly misused) way of providi=
ng access control.  They're often wedged in where stateless ACLs in hardwar=
e-based routers and/or layer-3 switches would do a much better job, such as=
 in front of servers:

<https://app.box.com/s/a3oqqlgwe15j8svojvzl>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[171143] in North American Network Operators' Group

Re: Requirements for IPv6 Firewalls

daemon@ATHENA.MIT.EDU (Dobbins, Roland)Fri Apr 18 22:14:28 2014

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Fri Apr 18 22:14:28 2014