On Wed, Mar 17, 2004 at 12:19:53PM -0500, Eric Gauthier said something to the effect of:
_Everyone_ (network connected) should have a firewall. My grandma should have a firewall. Nicole, holding dominion over this business network and its critical infrastructure, should _definitely_ have a firewall. ;)
By "firewall", do you mean "dedicated unit that does stateful filtering"
No.
or just "something that will block packets"? We've successfully argued to just about every group here at our University who came to us asking for a "firewall" that, given what they wanted to achieve, they could accomplish the same thing with simple ACLs...
fire'wall 1. A fireproof wall used as a barrier to prevent the spread of fire. 2. Computer Science. Any of a number of security schemes that prevent unauthorized users from gaining access to a computer network or that monitor transfers of information to and from the network.
I'm sure that the cost of the ACLs (i.e. $0.00) versus the cost of a firewall also helped them in their decision...
This is just a semantic issue. I am putting any packet-level inspection engine deployed as an access control means into the category of "firewall." The confusion here would be akin to my retorting with "how on earth is deploying lists of system object access rights going to protect a network edge?" ;)

ACL has alternate meanings, as well[1]. A sample of what some vendors call some things:

Cisco: router packet-level access control = ACL
Microsoft: OS object permissioning schema = ACL
Linksys: router packet-level access control = firewall
Juniper: router packet-level access control = firewall filter

:)

*,
--ra

[1] http://whatis.techtarget.com/definition/0,289893,sid9_gci213757,00.html

--
k. rachael treu, CISSP rara@navigo.com
..quis custodiet ipsos custodes?..
Eric :)