Nope... I'd say you're right. Specially if you have a proxy that requests the
user to type in his password (when authentication is not done with the current
usercontext).
This is probably also the case when you're trying to get something up and no
appropriate Proxies exist. It's often put in as an argument that Stateful
Inspection is faster, more flexible but under circumstances a bit less secure.
I'm also one of those that CLAIM this to be true ;-)
Administration on proxy-like gateways might require under circumstances more
administrative effort to create users - however this can also be true for the
rulesets of SI type of firewalls. It's really diffrent for every FW.
Cheers
Boris Pavalec [QPB]
Network / System Engineer [MCSE]
Highend Computing Systems
Switzerland - Zuerich
http://www.nt-admin.net
[EMAIL PROTECTED]
-----Original Message-----
From: sylvain.gitta [mailto:[EMAIL PROTECTED]]
Sent: Donnerstag, 20. Mai 1999 16:51
Cc: sylvain.gitta; firewalls
Subject: UNAUTHENTICATED: Re: Application gateway Vs Stateful Inspection
Hi
What about backdoor issues?
>From what I understand, with packet filters, stateful or not, a trojan
horse could open a connection to the outside world on a given port
(if it's permitted of course), and establish contact with the cracker's
system.
That would be less easy to do with application gateways, for which
specific processes should be implemented.
Am I wrong?
Sylvain
Peter wrote:
>
> Does anyone tell me the difference especially in performance &
> administration between Application gateway type (e.g. Gauntlet) & Stateful
> Inspection type (e.g. Firewall-1) ?
>
> Thanks in advance!
>
> Peter Fung
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
WINMAIL.DAT
