At 09:05 07/06/01 +0100, David Ishmael wrote:
>Zachary,
>
>I wouldn't consider a filter of any kind to be a firewall.
I'd add that a firewall can filter, but filtering is not always a firewall job.
More clearly, the FW is here to protect the netwrok, so if you're filtering for
network protection, then the FW might be one right place (you may filter
in other places. the basic example is email filtering, which should be done
on the mail server...).
but if you're filtering just to enforce some "work policy", then he FW is
the bad
place. if your problem is that you don't want your users surfing instead of
working, then use a tool for that, not a FW (you might need to configure
the FW to know the tool, but that's it for the FW).
> Perhaps that's a
>mind-set and an overbearing opinion, but I consider router ACL's or software
>engines that monitor content (URL's) as filters where I consider hardware or
>software that specifically addresses security measures through stateful
>inspections as firewalls. Then again, I'm no security expert...
but then you're running the risk to start that "what is a FW after all"
debate:)
and God knows such debates are infinite...
cheers,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
