[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipsec vs. firewalls

To: dwetzel@iway.fr
Subject: Re: ipsec vs. firewalls
From: Phil Karn <karn@homer.ka9q.ampr.org>
Date: Thu, 7 May 1998 18:33:48 -0700 (PDT)
CC: ipsec@tis.com
In-reply-to: <3.0.1.32.19980507104731.00949e20@mail.iway.fr> (message fromDamien Wetzel on Thu, 07 May 1998 10:47:31 +0100)
References: <199805070458.AAA10739@smb.research.att.com> <3.0.1.32.19980507104731.00949e20@mail.iway.fr>
Reply-to: karn@ka9q.ampr.org
Sender: owner-ipsec@ex.tis.com

Damien,

It's an old battle, and Steve and I are used to sparring over it in a
friendly fashion.

Firewalls are useful as temporary stopgaps when you're actually under
attack, but they try to do what can only be done properly on an
end-to-end basis. And to the extent that they give people a false sense
of security, firewalls actually diminish security.

Steve and his co-author Bill Cheswick refer to this as the "hard
exterior with a chewy interior" property of many firewalled networks.

Phil

Follow-Ups:

Re: ipsec vs. firewalls

From: "Marcus Leech" <Marcus.Leech.mleech@nt.com>

Re: ipsec vs. firewalls

From: Robert Moskowitz <rgm-sec@htt-consult.com>

References:

ipsec vs. firewalls

From: Steve Bellovin <smb@research.att.com>

Re: ipsec vs. firewalls

From: Damien Wetzel <dwetzel@iway.fr>

Prev by Date: Re: ipsec vs. firewalls
Next by Date: Re: ipsec vs. firewalls
Prev by thread: Re: ipsec vs. firewalls
Next by thread: Re: ipsec vs. firewalls
Index(es):
- Main
- Thread