Peter Bruderer wrote:
>
> As soon as you let traffic pass your firewall from the outside
> to the inside even if it is just one single service, it does not
> matter what kind of firewall you have. The firewall can just
> reduce the number of ports you are allowed to connect to. But if
> the server you are connecting to is vulnerable on the
> application layer, the firewall cannot stop an attacker.
Unless the firewall manages to catch the application layer attack,
that is :) No, really, I agree; application layer filtering
is tricky business and no one comes even remotely close to being
good at it these days with the plethora of protocols and
increasing complexity in HTTP & co.
--
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]