Erik Haagsman wrote:
| On Wed, 2004-03-17 at 21:02, Petri Helenius wrote:
|
|>No, the applications should accept only authorized connections. If that
|>would be the case, there would be no need to filter at packet level.
|
| No, since this would be assuming that each application is perfect and
| there's no such thing as buffer overflows and other software bugs
| (including those in authentication routines). A firewall is an extra
| line of defence in preventing malicious packets from reaching the
| destination app and the more people have one the better (although I'm
| not sure whether grandma would be too bothered)
| It's not bulletproof (and could potentially contain a gut itself) but it
| provides additional security, regardless of authentication of
| connections.
|

And I think you have hit it right on the head...another line of defense.
Everything I've ever read about security (network or otherwise) suggests
that a layered approach increases effectiveness. I certainly don't trust
a firewall appliance as my only security device, so I also do prudent
things like disable ports and applications that are not in use on my
network and enforce authentication and authorization for access to
legitimate services.

--
=========
bep