
Re: IPSEC requirements




Gerald J Creager says:
> Marcus J Ranum sez:
> > 	 Generally, when you're talking to folks who are doing
> > firewalls, you may find that "Firewall" != "router + screening"
> > 100% of the time. Perhaps you may wish to call them something
> > else, or perhaps you may wish me to call them something else,
> > but the term "firewall" has a fairly wide interpretation these
> > days. It's best to understand that, to prevent confusion, which
> > was the purpose of my previous missive.
> 
> Guess I have to side with Bill's interpretation here.  The IP-level firewall
> is in widespread use, at least from the places I play.

I've rarely seen IP layer filtering in use. My clients tend to be too
paranoid. I've participated in the construction of a number of these
beasts, and we've always built application level gateways with the
standard two router-D.M.Z. machine approach. Yes, firewall
construction has become semi-standardized in some quarters. Yes, it is
application layer much of the time.

Firewalls can be either at the IP layer or at application layers. See
Ches and Steve Bellovin's book on the topic. Marcus is absolutely
right on this point.

Perry

