In message <200403170238.i2H2caAA006011@turing-police.cc.vt.edu>, Valdis.Kletni eks@vt.edu writes:
--==_Exmh_2134986584P Content-Type: text/plain; charset=us-ascii
On Tue, 16 Mar 2004 14:27:16 PST, Nicole <nmh@daemontech.com> said:
From what I have heard a proxy firewall would be best?
I'll go out on a limb here and say that the actual make and model of the firewall don't matter anywhere *near* as much as a proper understanding on the client's part of what a firewall can and can't do.
You're not going out on a limb; you're absolutely right, and I've been saying that for years. I'll quote myself: Although firewalls are a useful part of a network security program, they are not a panacea. When managed properly, they are useful, but they will not do everything. If firewalls are used improperly, the only thing they buy you is a false sense of security. Beyond that, different security policies have a much greater impact than different brands or types of firewalls. --Steve Bellovin, http://www.research.att.com/~smb