On Wed, 2004-03-17 at 21:02, Petri Helenius wrote:
No, the applications should accept only authorized connections. If that would be the case, there would be no need to filter at packet level.
No, since this would be assuming that each application is perfect and there's no such thing as buffer overflows and other software bugs (including those in authentication routines). A firewall is an extra line of defence in preventing malicious packets from reaching the destination app and the more people have one the better (although I'm not sure whether grandma would be too bothered) It's not bulletproof (and could potentially contain a gut itself) but it provides additional security, regardless of authenticaion of connections. -- --- Erik Haagsman Network Architect We Dare BV tel: +31.10.7507008 fax: +31.10.7507005 http://www.we-dare.nl