[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SOI QUESTIONS: 2.3 Authentication styles
At 8:37 AM -0700 6/21/02, Chinna N.R. Pellacuru wrote:
>Putting it in your own words...
>
>
>"I agree that proxy firewalls can offer better security than packet
>filtering firewalls, assuming suitable care is applied to the..."
>
> chinna
>
yes, my own words, but still not sufficient to support your
ill-articulated assertions. for example, in deriding simple packet
filtering vs. other firewall access controls, you have never
described which other firewall controls you are using as a reference.
you also started including references to IDS, which is irrelevant to
the discussion.
do you really not understand the difference between the poor security
offered by a router filter which makes access control decisions based
on packet header fields that are from an UNAUTHENTICATED souce and
which have NO INTEGRITY PROTECTION, vs. making the same checks in an
IPsec context where we have authenticated the source and provided
integrity for these fields?
Steve