> Marcus J. Ranum wrote:
>
> Isaac Van Name wrote:
> >You have referred to packet-based
> >firewalls as being outdated.
>
> I'm not sure if they're "outdated" as much as "never were
> particularly good to begin with"


I agree.

Here is a reminder for the younger ones. Take a look at Brent Chapman's paper
from 1992: Network (In)Security Through IP Packet Filtering
(http://www.greatcircle.com/pkt_filtering.html)

And that paper from 14 years ago told us that "testing and monitoring filters is
difficult".
And 14 years ago, all those firewall-friendly (HTTP-tunneling) applications did
not even exist!

JDG.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards