In my point of view, the fact that a firewall does stateful inspection is good in
some points, but it leaves an open session between the client and the server. I
much prefer an application proxy firewall that breaks the session. I do agree
with Phil as well, even 1 sec. is nothing compared to all the congestion you may have on
the network.
Regards
Francois
Phil Kramer wrote:
> My personal opinion is not hardware vs software, but what firewall is most
> secure. You can talk about PIX, CheckPoint, Linux with IPtables, IPchains
> and IPfilters but from a security point of view a pure application proxy is
> more secure. How many people can notice a 20 ms pause? If you want speed
> get a router with ACLs, that's what PIX is. All these stateful
> inspection/packet filter technologies work at too low a level (layers 2-4) to
> provide enterprise security. For web servers, mail servers etc. you need
> layer 7 checking.
>
> Phil Kramer, SANS GSEC
> Systems Solutions Technologies, LLC
> Phone: 615-646-5766
> email: [EMAIL PROTECTED]
--
********************************
Francois X. LEYTENS
Director - Engineer
SEDELEC SA VALAIS
Rue du Chemin de Fer 24
Case Postale 16
1958 St Leonard
--------------------------------
Tel : +41 27 205 6000
Direct : +41 27 205 6002
Mobile : +41 79 205 6002
Fax : +41 27 205 6001
Email : [EMAIL PROTECTED]
********************************