2000-06-07-04:05:15 Alberto Begliomini:
> The topic of gigabit firewalls has been discussed ad nauseam on
> this mailing list; I still wonder, however, what kind of firewall
> large sites like Yahoo, or Ebay, or E-Trade, just to name a few,
> are using. My guess is probably they just use access lists on
> their border routers and they harden their servers.
I'm quite sure you're right; that's the way to secure a
high-capacity site. Harden the servers (quite possibly including
packet filtering on the servers), and reinforce with some simple
rules on the border routers (e.g. ingress/egress filtering).
> I don't think that a firewall which can sustain 1 Gbs traffic
> exists yet.
I think you just described one.
A firewall is a tool for imposing controls and monitoring traffic,
to enforce a security policy, applied at a network choke point.
A router with access rules can be a firewall.
So can filtering rules on a hardened host.
-Bennett