On Mon, 21 Feb 2000, Chris Brenton wrote:
> Merton Campbell Crockett wrote:
> >
> > The following are the three basic types of firewall and what are often given
> > as examples of the class.
> >
> > Packet Filter          Cisco IOS
> > Application Proxy      Gauntlet
> > Stateful Inspection    Firewall-1
>
> Kind of wondering if IOS is still a good example of basic packet
> filtering. The new filters maintain connection state. This means no more
> leaving open >1023 est and being susceptible to FIN/RST scans. It also
> means you can control UDP flow properly.
Cisco IOS 12 with the Firewall Feature Set would probably not be a good
example. :-) But I and many of my customers are still running some older
versions of Cisco IOS.
> I would also argue that dynamic packet filtering is 97% as effective as
> Stateful Inspection as most protocols are not "inspected", just
> dynamically filtered.
>
> Comments?
Can't. I haven't played with dynamic packet filtering yet. But some of my
experience with Firewall-1 suggests that there might not be as much
inspection as they would have you believe.
Merton Campbell Crockett
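The difference discussed above between a static ">1023 est" rule and a filter that keeps connection state, as an added example that is not part of either poster's message. It assumes the static rule accepts any inbound TCP packet to a port above 1023 with ACK or RST set; the addresses, ports and sample packets are constructed.

```python
from collections import namedtuple

# Constructed packet model: flags is a tuple of TCP flag names.
Packet = namedtuple("Packet", "src sport dst dport flags direction")

def stateless_established(pkt):
    """Static filter: outbound always passes; inbound passes if it is aimed at
    a port >1023 and has ACK or RST set. No memory of earlier packets."""
    if pkt.direction == "out":
        return True
    return pkt.dport > 1023 and bool({"ACK", "RST"} & set(pkt.flags))

class StatefulFilter:
    """Dynamic filter: inbound packets pass only if they belong to a
    connection that an inside host opened earlier."""
    def __init__(self):
        self.table = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.flags == ("SYN",):
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.table:
            return False            # no matching outbound connection
        if "RST" in pkt.flags:
            self.table.discard(key)  # connection torn down, forget it
        return True

def compare(packets):
    """Return (static_verdict, stateful_verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_established(p), fw.allow(p)) for p in packets]

INSIDE, SERVER, OTHER = "10.0.0.5", "192.0.2.10", "198.51.100.7"  # constructed
SAMPLE = [
    Packet(INSIDE, 40000, SERVER, 80, ("SYN",), "out"),       # inside host connects
    Packet(SERVER, 80, INSIDE, 40000, ("SYN", "ACK"), "in"),  # legitimate reply
    Packet(OTHER, 80, INSIDE, 40001, ("ACK",), "in"),         # unsolicited ACK
    Packet(OTHER, 80, INSIDE, 40002, ("RST",), "in"),         # unsolicited RST
    Packet(OTHER, 80, INSIDE, 40003, ("FIN", "ACK"), "in"),   # unsolicited FIN+ACK
]

if __name__ == "__main__":
    for p, (static, dynamic) in zip(SAMPLE, compare(SAMPLE)):
        print(p.direction, p.flags, "static:", static, "stateful:", dynamic)
```

The static rule passes all three unsolicited packets because it judges each packet by its flags alone, while the stateful filter drops them for lack of a matching outbound connection.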