From: Grant Taylor on 14 Apr 2010 19:43

gufus wrote:
> Hi Grant,

Hi gufus,

> Hmmmm... sounds like an echo here. <grin>

;-)

> With only basic networking skills, I'm taking notes on your discussion
> with Ansgar, interesting to say the least.

Ansgar seems to have a very strong opinion on what we are discussing. Further, Ansgar is presenting logical points to support his / her opinion. With no insults going back and forth, I see no reason why it can't be a productive discussion, even if we ultimately decide to agree to disagree.

That being said, Ansgar has presented a couple of compelling points:

1) The code of the firewall itself could be a weakness.
2) There is little point in protecting one server from another when both can be attacked the same way that successfully exploited the first.

Grant. . . .

From: gufus on 14 Apr 2010 14:11

Hi Grant,

Wednesday April 14 2010, Grant Taylor writes to Gypsy BBS:

> Ansgar seems to have a very strong opinion on what we are
> discussing. Further, Ansgar is presenting logical points to
> support his / her opinion. With no insults going back and

Nice... yes, no insults. I guess with myself he/she didn't like what my opinion was about this thread, which started about a server having a firewall, but with that, I do understand: /first/ firewall the network boundary, then if wanted/needed firewall everything behind it.

> That being said, Ansgar has presented a couple of compelling
> points:
> 1) The code of the firewall itself could be a
> weakness.
> 2) There is little point in protecting one server from
> another when both can be attacked the same way that
> successfully exploited the first.

Good points! Agreed!

Kind Regards.

--
K Klement
Enhance your marketing at http://www.gypsy-designs.com
mailto:info(a)gypsy-designs.com
Gypsy Designs Fax: (403) 242-3221

... It is annoying to be honest to no purpose.

From: Grant Taylor on 14 Apr 2010 22:23

gufus wrote:
> Hi Grant,

*wave*

> Nice... yes, no insults. I guess with myself he/she didn't like what
> my opinion was about this thread, which started about a server having
> a firewall, but with that, I do understand: /first/ firewall the
> network boundary, then if wanted/needed firewall everything behind
> it.

A friend and colleague of mine used an analogy to describe the edge firewall (with lack of internal firewall / layers) that I chuckled at. I figured that others were overworked like myself and could use a chuckle, so here it is.

"crunchy shell / soft-gooey center"

> Good points! Agreed!

:)

> Kind Regards.

Likewise.

Grant. . . .

From: gufus on 15 Apr 2010 18:23

Hello, Grant!

You wrote on Wed, 14 Apr 2010 21:23:59 -0500:

| chuckle, so here it is.
|
| "crunchy shell / soft-gooey center"
|

:-) Good one!

--
With best regards, gufus.
E-mail: stop.nospam.gbbsg(a)shaw.ca

From: Grant Taylor on 15 Apr 2010 20:43

gufus wrote:
> Hello, Grant!

*wave*

> Good one!

I thought so. That's why I shared it.

Here's my colleague's full comment (with permission):

"""Yes, host-based firewalls are necessary to keep the "crunchy shell/soft-gooey center" phenomenon from happening in a network. It is about layers. If an attacker gets beyond a border firewall and there is nothing keeping them from accessing every machine, the network owner will wish host-based firewalls would have been in place."""

Again, I think this is more talking about end user workstations than servers. But I still think it's a good point.

Grant. . . .