Wrong again. *buzzer sound*
Quote:
If you want protection the last thing you do is two rubbers. It's not buying you anything but instability.
Quote:
Wrong again. *buzzer sound*
KorpDeath, there are several kinds of hardware-based firewalls. When the information packets arrive at your network, most networks receive them using a packet filtering router (or screening router). This is one kind of firewall.
You can set up a software-only firewall too. It need not be machinery!
Another type of hardware firewall is a proxy server, which can check the contents of each data packet as it arrives. However, it slows up the system. Though when used as a cache, a proxy server can improve speed of Internet access.
I use "multi firewalls"! Ever heard of "the more the merrier"?
I am a Cracker
Quote:
"So the people turned to their god and asked -oh lord, will you take away pain and misery? And he replied No, but I'll give you prozac"
Hardware and software solutions are indeed better but I believe we were speaking on multiple software firewalls. Hence my opposition.
Again it would behoove you to be more specific.
Cracker...you are just plain DUMB...
Say for example you have a web server. So you allow port 80 for http access through your internet firewall, well...now you must also allow port 80 through any other firewall you have in front of or on that firewall. The bottom line is that port 80 would still remain open. So what in this scenario would an extra firewall do for you?
Let's take the reverse scenario. Let's say you wanted to block ftp to that web server. You configure your Internet FW to block ftp traffic. Now do you really need another firewall to block traffic that is never going to get to it in the first place...Don't think so. Not to mention you are going to consume resources by using multiple firewalls.
The best solution would be to use some type of IDS. You might also be able to use a reverse proxy. And no...it does not have to be the hardware kind. Proxy software will run on just about any type of server.
KorpDeath is 100% correct in saying that multiple firewalls buy you nothing except an administrative nightmare and instability.
And all those who actually know something might argue that there is a use for multiple firewalls. And yes, you are correct if you want to separate functionality into layers (Web servers separate from application servers separate from DB servers) using a DMZ. But I am sure Cracker has no idea what that even means, so we don't have to worry.
KorpDeath and iNViCTuS - well put.
I add that unless you know why you would use multiple depth firewalls, don't.
Also, you do not necessarily need to pass p80 traffic through both firewalls. You could put in middleware and port shift traffic but this requires advanced skills. (We use it; it's good, though a bastard to configure.)
Don't get me started on multiple DMZs either, though it remains another alternative.
:D
You are right, you can do port forwarding with a box between 2 firewalls.
What I was actually trying to say though (I know it was a bit unclear) is that no matter how many firewalls you have, the HTTP traffic still needs to get to your web server, therefore your risk is mainly on the integrity of your web server (IIS, Apache, etc.), much like the Unicode vulnerability. There was not much a firewall could do to protect from Unicode because it was all done over the HTTP port (usually 80). Instead... it relied on a vendor patch. So as you could see, in this scenario, it really did not matter how many firewalls you have. 1 or 100 would have had the same result.
Well said.
What this boils down to is no matter how many "doors" (fwalls), if you must allow something through them (e.g. http traffic) the "door" is open.
Therefore it does not make one more secure to add more doors. (helps with job security though :D )
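The argument in the posts above (an allowed port stays open through any number of port-filtering firewalls, and blocked traffic never reaches the inner ones) can be modelled in a few lines. This is an added example, not part of the thread; the firewall names, rule set and sample packets are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: int
    payload: bytes = b""      # a port filter never looks at this field

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    proto: str
    dst_port: int

class PortFirewall:
    """First-match packet filter with default deny; inspects headers only."""
    def __init__(self, name, rules):
        self.name, self.rules = name, list(rules)

    def permits(self, pkt):
        for r in self.rules:
            if (r.proto, r.dst_port) == (pkt.proto, pkt.dst_port):
                return r.action == "allow"
        return False          # nothing matched: default deny

def traverse(chain, pkt):
    """Return (delivered, name of the firewall that dropped it, or None)."""
    for fw in chain:
        if not fw.permits(pkt):
            return False, fw.name
    return True, None

def build_chain(depth):
    """'depth' firewalls in series, each blocking FTP and allowing HTTP."""
    rules = [Rule("deny", "tcp", 21), Rule("allow", "tcp", 80)]
    return [PortFirewall(f"fw{i}", rules) for i in range(1, depth + 1)]

def exposure(chain, ports=range(1, 1025)):
    """Set of TCP ports that still reach the server behind the whole chain."""
    return {p for p in ports if traverse(chain, Packet("tcp", p))[0]}

# Constructed sample packets: same headers on port 80, different payloads.
NORMAL = Packet("tcp", 80, b"GET /index.html HTTP/1.0\r\n\r\n")
CRAFTED = Packet("tcp", 80, b"GET /<constructed-malicious-path> HTTP/1.0\r\n\r\n")
FTP = Packet("tcp", 21, b"USER anonymous\r\n")

if __name__ == "__main__":
    for depth in (1, 2, 100):
        chain = build_chain(depth)
        print(depth, sorted(exposure(chain)),
              traverse(chain, NORMAL), traverse(chain, CRAFTED), traverse(chain, FTP))
```

With 1, 2 or 100 firewalls the exposed set is the same single port, the crafted HTTP request is delivered every time, and FTP is always dropped by the outermost firewall, so the inner ones never see it.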
I've tried all firewalls mentioned here but I'm missing WinRoute Pro... I think this is the best (software) firewall.
It's got it all: packet filter, port mapper, (advanced) NAT ...
Very secure and runs perfectly on my internet proxy machine ..