mouss wrote:
> 
> I can :)
> A firewall is a system based on hardware and/or software and designed to help
> you protect a network. It is a tool that performs access control to allow,
> reject or alter packets going through it. The access control may be performed
> on the IP packet headers, on TCP/UDP/ICMP/whatever headers, and/or on data.

Can I have a shot, too? :)

I'd say that the definition is actually closer to "A firewall is a system 
or collection of systems designed to enforce a security policy." 

So, a firewall may be a remote-controlled circuit breaker with RJ45 plugs, 
if your policy says "we switch Internet access on when we need it and switch 
it off at other times to reduce our exposure".

There's nothing in any firewall definition that says that a firewall has 
to look at IP, TCP, etc, etc and/or modify, or selectively drop packets, or 
anything at all.

If your security policy states "anything can get into our network, as 
long as we know what it is, so that we can manually counter attacks
later on", your "firewall" could consist of packet sniffers placed
at all points of contact with other networks (such as the Internet).


And, to go the other way, a "firewall" may also be something like:
Two dynamic packet filters creating a DMZ, in which a bastion host
is located to handle proxying to the outside world. In addition to
this, we've got a third dynamic packet filter connected separately,
having three interfaces that implement a second DMZ where incoming 
mail is handled by our anti virus scanner. All the machines I've 
mentioned in this paragraph are part of the firewall.

By the way, this is the kind of firewall that I like. Separate
machines are great. I spit in the face of all do-everything-on-the-
same-machine type guys! Pah! :) :)

Ick. 
</rant mode off>

Regards,
Mikael Olsson

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 29 92 00         Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636        Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/       E-mail: [EMAIL PROTECTED]