On Tue, 5 Jan 2010 14:16:58 -0600 "Brian Johnson" <bjohnson@drtel.com> wrote:
Security Gurus, et al,
I have my own idea of what a firewall is and what it does. I also understand what statefull packet inspection is and what it does. Given this information, and not prejudging any responses, exactly what is a firewall for and when is statefull inspection useful?
First thing to work out is your threat model. Once you've worked out what you're trying to protect, who you're trying to protect it from, and what techniques they're likely use to break that protection, you can then work out if a firewall is the right tool, then work out how many to have and where (network perimeter only, network perimeter + hosts, network perimeter + hosts + in application protection (e.g. authentication like in ssh - remember, it's people that are your real threat, not machines and their IP addresses - those are just the tools people use). The trap is to think technology like firewalls are only thing you need to worry about. Unfortunately they won't stop the building cleaners from lifting things out of the bins under desks.
Please respond on-list as I want to have some useful discourse and discussion in the clear. Flamers and Trolls will be disregarded. :)
Thank you.
- Brian
CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, copying, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Thank you.