This is a discussion on Re: [fw-wiz] How automate firewall tests - Firewalls ; > Marcus J. Ranum wrote: > > Isaac Van Name wrote: > >You have referred to packet-based > >firewalls as being outdated. > > I'm not sure if they're "outdated" as much as "never were > particularly good to begin ...
> Marcus J. Ranum wrote:
>
> Isaac Van Name wrote:
> >You have referred to packet-based
> >firewalls as being outdated.
>
> I'm not sure if they're "outdated" as much as "never were
> particularly good to begin with"
I agree.
There is a reminder for the younger. Take a look at that Brent Chapman's paper
from 1992: Network (In)Security Through IP Packet Filtering
(http://www.greatcircle.com/pkt_filtering.html)
And that paper from 14 years ago told us that "testing and monitoring filters is
difficult".
And 14 years ago, all those firewall-friendly (HTTP-tunneling)application did
not even exist!
JDG.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards
