[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipsec vs. firewalls

To: Damien Wetzel <dwetzel@iway.fr>, Phil Karn <karn@qualcomm.com>
Subject: Re: ipsec vs. firewalls
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Date: Thu, 07 May 1998 21:50:18 -0700
Cc: ipsec@tis.com
In-Reply-To: <3.0.1.32.19980507104731.00949e20@mail.iway.fr>
References: <199805070611.XAA02044@servo.qualcomm.com><199805070458.AAA10739@smb.research.att.com>
Sender: owner-ipsec@ex.tis.com

At 10:47 AM 5/7/98 +0100, Damien Wetzel wrote:

>im working for a french provider as a presale engineer,
>i'm thinking as steve that firewall are not going to last long
>but most of our client are asking for them,
>
>So could you tell me why you are saying that :
>>
>>(rising to the bait) Firewalls are dead. Get used to it. :-)
>>
Firewalls will serve a much different purpose in the brave new world of
IPsec host deployment (coming to your company 2 full years before IPv6
deployment).

Ahem.

In the new regime, the Firewall will:

control policy for unprotected outbound connections (not right to waste
company time surfing through disney.com)

Manage all of that unsecured inbound (and outbound) mail

Block extraneous packets attacking all miscellenous internal devices like
hubs, terminal servers and the like that may never get IPsec (or not until
they get upgraded to IPv6)

I think that there might be a few more items to add to this list......



Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com

References:

Re: ipsec vs. firewalls

From: Phil Karn <karn@qualcomm.com>

ipsec vs. firewalls

From: Steve Bellovin <smb@research.att.com>

Re: ipsec vs. firewalls

From: Damien Wetzel <dwetzel@iway.fr>

Prev by Date: Re: ipsec vs. firewalls
Next by Date: Re: question about tunnel mode
Prev by thread: Re: ipsec vs. firewalls
Next by thread: Re: ipsec vs. firewalls
Index(es):
- Main
- Thread