[ale] OT: Firewall purchase

Theresa Schwacke rhiannen at atlantacon.org
Thu Jul 22 11:26:18 EDT 2004


David Hamm wrote:
<snippage>>
> I'm sorry, but I don't see anything in the above statement to convince me that 
> IP Masquerading to a private address range and discarding syn packets isn't 
> effective.  If other services were running on the firewall and exposed, I 
> could see a potential; or, if the kernel was flawed and responded to 
> malformed packets.  However, you asserted that an inexpensive firewall wasn't 
> as secure as an expensive custom unit.  My assertion is price doesn't dictate 
> code or logic quality, and firewalls primarily rely on two principals to 
> establish secure internet connectivity.  Higher firewall prices are only 
> justified by additional features which, on the surface, have the potential of  
> increased exposure to security flaws.  

Forgive me for breaking in, and I hope this doesn't come across as 
abrupt or anything, but a lot of your questions can be answered by 
digging through the archives. IIRC, this topic has been rehashed a few 
times already.

FWIW, I understand where Bob is coming from and tend to agree with him.

I'll slink back to my corner now.

rhia



More information about the Ale mailing list