[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ipsec vs. firewalls
Damien,
It's an old battle, and Steve and I are used to sparring over it in a
friendly fashion.
Firewalls are useful as temporary stopgaps when you're actually under
attack, but they try to do what can only be done properly on an
end-to-end basis. And to the extent that they give people a false sense
of security, firewalls actually diminish security.
Steve and his co-author Bill Cheswick refer to this as the "hard
exterior with a chewy interior" property of many firewalled networks.
Phil
Follow-Ups:
References: