


I picked the example of Napster and peer-to-peer as it's an easily
recognizable access control. ("I don't want people using Napster at work.")
I agree with you this is akin to monitoring telephone habits. But "Napster"
and "web surfing" are the most common activities employers wish to
"restrict" their employees from doing during working hours.

A server/daemon determines whether a service (telnet, http/www, database) is
active or not. However, they usually don't discriminate between me on the
local LAN and me accessing via the internet. (Samba-Windows file sharing and
the MySQL database allow per-host/subnet/ip address access.) The firewall
determines whether the service is visible from the internet, or allows the
service even from inside the network. ("Let me remote administrate a
client's Windows 2000 server.")

What is commonly termed a firewall today may as well be called a
"strengthened gateway". A true gateway server does not restrict what passes
through it. It's merely a door. A firewall is a guarded door. A firewall
with IDS is a guarded door with a SWAT team on standby.

A firewall explicitly controls access to network services from the Internet.
(The traditional definition.) It cannot make those services themselves more
secure. If I run (for example) an unpatched IIS, I will get hacked even
though I have a firewall. In this case the firewall didn't make me any more
secure because I was running a (potentially) insecure service in the first
place. However, if I have an IDS installed, it should run BEFORE the service
and inspect what I'm doing. In a Code Red example, the IDS should explicitly
deny access to cmd.exe, even if it is an HTTP request.

Loyd

-----Original Message-----
From: Booth Martin [mailto:Booth@MartinVT.com]
Sent: Thursday, April 11, 2002 11:08 AM
To: midrange-l@midrange.com
Subject: RE: Firewall in AS400

The instances you describe are discipline related.  You are monitoring how
the workers are working, checking for their web habits.  It's no different
than monitoring phone conversations to be sure workers are not doing
excessive personal stuff on Company time. This is a personnel issue, not
security.  So far as types of services, isn't that controlled by the
servers themselves?

I can buy into the gateway type of approach of course, and which services
pass through the gateway.  But that's a gateway, not a firewall.

So far as being barraged by Code Red viruses at home....  me too.  They seem
to phone with their best deals right at dinner time.

I am not trying to be a wiseazz with these comments.  I am trying to focus
my thoughts on the purposes and the benefits.  The firewall buzz has become
a mantra and the goal has been lost imho.

My little Linksys 4-port router does all the firewall services I feel I need
and it'll handle 256 devices for under $100.
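
Added example, not part of either message in this thread: a sketch of the distinction drawn above between a firewall that decides on the port alone and an IDS that inspects the HTTP request and denies references to cmd.exe. The function names, the port allow list and the sample request lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed policy for this sketch: the firewall only knows which ports are open.
ALLOWED_PORTS = {80}
# Content rule (the IDS's view): any request that references cmd.exe is denied.
BLOCKED = re.compile(r"cmd\.exe", re.IGNORECASE)

def firewall_allows(dst_port):
    """A packet filter decides on the port alone; it never sees the URL."""
    return dst_port in ALLOWED_PORTS

def normalize(target, max_rounds=3):
    """Percent-decode repeatedly so encoded or double-encoded names become visible."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")

def ids_verdict(request_line):
    """Return 'deny' or 'allow' for one HTTP request line."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return "deny"  # malformed request line: fail closed
    return "deny" if BLOCKED.search(normalize(parts[1])) else "allow"

def inspect(dst_port, request_line):
    """Firewall first (port), then IDS (content), as the message describes."""
    if not firewall_allows(dst_port):
        return "dropped-by-firewall"
    return ids_verdict(request_line)

# Constructed sample traffic, not taken from any real capture.
SAMPLES = [
    (80, "GET /index.html HTTP/1.0"),
    (80, "GET /scripts/cmd.exe?/c+dir HTTP/1.0"),
    (80, "GET /scripts/cmd%2Eexe?/c+dir HTTP/1.0"),
    (80, "GET /scripts/cmd%252eexe?/c+dir HTTP/1.0"),
    (23, "GET /index.html HTTP/1.0"),
]

if __name__ == "__main__":
    for port, line in SAMPLES:
        print(port, line, "->", inspect(port, line))
```

All four port-80 requests pass the port check; only the content inspection separates the ordinary page request from the three cmd.exe variants.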




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].