RFC 2979

[Guest]

Archived from groups: comp.security.firewalls (More info?)

I doubt this will matter to the most vehement, but I emailed the author of
RFC 2979 and asked if a basic NAT Router (with filtering, SPI, or such)
qualifies as a firewall. (The RFC notes that NAT and firewalls are not the
same thing.) He stated that, in his opinion, the presence of filtering
makes it a firewall.

Again, the issue is one of quality. There are low-end firewalls than can
do very little, and there are high-end firewalls that can do virtually
everything. But all such devices are used in the process of firewalling,
by definition.

Oh well. It goes without saying that the vendors of home firewalls are in
no legal jeopardy for calling them firewalls.

RFC 2979- Behavior of and Requirements for Internet Firewalls
http://www.faqs.org/rfcs/rfc2979.html

--
FUTURE, n. That period of time in which our affairs prosper, our friends
are true and our happiness is assured.

- Ambrose Bierce

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

In article <37a7h1ls8gbg6oqli2jh39t5h7m00lou3p@news.easynews.com>,
CyberDroog@ClockworkOrange.com says...
> I doubt this will matter to the most vehement, but I emailed the author of
> RFC 2979 and asked if a basic NAT Router (with filtering, SPI, or such)
> qualifies as a firewall. (The RFC notes that NAT and firewalls are not the
> same thing.) He stated that, in his opinion, the presence of filtering
> makes it a firewall.
>
> Again, the issue is one of quality. There are low-end firewalls than can
> do very little, and there are high-end firewalls that can do virtually
> everything. But all such devices are used in the process of firewalling,
> by definition.
>
> Oh well. It goes without saying that the vendors of home firewalls are in
> no legal jeopardy for calling them firewalls.
>
> RFC 2979- Behavior of and Requirements for Internet Firewalls
> http://www.faqs.org/rfcs/rfc2979.html

So, post his exact response. It still won't change that fact that no
government agency, no medical group, not business that cares about their
data, not residential user that can value/afford a firewall would choose
a simple NAT ROUTER which doesn't block by default. Routing is not
firewalling.

--

spam999free@rrohio.com
remove 999 in order to email me

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

On Tue, 30 Aug 2005 00:55:10 GMT, Leythos <void@nowhere.lan> wrote:

>In article <37a7h1ls8gbg6oqli2jh39t5h7m00lou3p@news.easynews.com>,
>CyberDroog@ClockworkOrange.com says...
>> I doubt this will matter to the most vehement, but I emailed the author of
>> RFC 2979 and asked if a basic NAT Router (with filtering, SPI, or such)
>> qualifies as a firewall. (The RFC notes that NAT and firewalls are not the
>> same thing.) He stated that, in his opinion, the presence of filtering
>> makes it a firewall.
>>
>
>So, post his exact response. It still won't change that fact that no
>government agency, no medical group, not business that cares about their
>data, not residential user that can value/afford a firewall would choose
>a simple NAT ROUTER which doesn't block by default. Routing is not
>firewalling.

The response was pretty simple: "My position is that the presence of
filtering makes it a firewall."

That is the point. Routing doesn't make a firewall, per se (although the
side effect offers more security than nothing at all), but filtering does.
Most all simple NAT router/firewalls offer some filtering capabilities.
Hence the use of the word firewall in the product description.

Of course a business won't use devices designed for home users. The NASA
blockhouse is also much more of a "firewall" than a residential apartment
building would offer.

No, routing is not firewalling. That is why the devices are called
"Firewall Routers", "Router with Firewall", etc.

--
The second item in the liberal creed, after self-righteousness, is
unaccountability. Liberals have invented whole college majors - psychology,
sociology, women's studies - to prove that nothing is anybody's fault. No
one is fond of taking responsibility for his actions, but consider how much
you'd have to hate free will to come up with a political platform that
advocates killing unborn babies but not convicted murderers. A callous
pragmatist might favor abortion and capital punishment. A devout Christian
would sanction neither. But it takes years of therapy to arrive at the
liberal view.

- P.J. O'Roarke, Give War A Chance (1992)

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

CyberDroog <CyberDroog@clockworkorange.com> wrote:
> Routing doesn't make a firewall, per se (although the
> side effect offers more security than nothing at all), but filtering does.
> Most all simple NAT router/firewalls offer some filtering capabilities.
> Hence the use of the word firewall in the product description.

This all depends on definition BTW:
http://en.wikipedia.org/wiki/Definition

I introduced the definition of the IETF here, because we were talking
about Internet security.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"