[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC requirements
Marcus J Ranum sez:
> Generally, when you're talking to folks who are doing
> firewalls, you may find that "Firewall" != "router + screening"
> 100% of the time. Perhaps you may wish to call them something
> else, or perhaps you may wish me to call them something else,
> but the term "firewall" has a fairly wide interpretation these
> days. It's best to understand that, to prevent confusion, which
> was the purpose of my previous missive.
Guess I have to side with Bill's interpretation here. The IP-level firewall
is in widespread use, at least from the places I play.
> Perhaps one should distinguish between application
> level firewalls and IP level firewalls. In future discussion
> here, I will do that to reduce confusion.
That ought to be an acceptable alternative for the time being...
> Let's avoid a battle of definitions if possible. It's
> too late to change the use of the word "firewall" in the
> firewall community to meet your understanding. (Many of us
> call an IP level "firewall" a "screening router")
And, while I might devine your definition of a "screening router," I'd STILL
have to think about it each time it's used for a bit. It's not the term I'd
expect.
> It's useless to quibble about terminology, I'm sorry.
> Whatever you want to call it, it's part of your security perimeter
> and it's part of the mechanism that enforces the integrity of
> your perimeter. It may be a "router" but that's an implementation
> detail.
Actually, if we don't get the terminology "right," whatever we determine
"right" to be, we shall continue to argue. Semanitcs is in fact very
important in a technical discussion. If we are all discussing different
topics but using like-sounding terminology, we shall become seriously
confused. Further, if we're discussing convergent themes with each using
his/her pet phraseology, on this path, too, lies danger.
Gerry
gerry@cs.tamu.edu gcreager@gothamcity.jsc.nasa.gov
Follow-Ups:
References: