Re: Panther and Firewall API?
Re: Panther and Firewall API?
- Subject: Re: Panther and Firewall API?
- From: "Peter Sichel" <email@hidden>
- Date: Tue, 2 Sep 2003 15:20:19 -0400
>
If you were seriously concerned about security and felt that a firewall
>
would help, you should really use a firewall on another device. As long
>
as the firewall is running on the local machine, it can be disabled on
>
the local machine by any software with root privileges. A personal
>
firewall that runs on the same machine is just about the stupidest
>
thing imaginable. It makes me think of a person sitting on a raft with
>
a sail and blowing on the sail to try and move the raft.
While there's much truth to this, I think people use the term
"firewall" to mean different things.
(1) A product you run or install to help you feel more secure.
This would fall under the category above.
(2) A mechanism for enforcing an access policy that includes
intrusion detection, detailed logging, content filtering,
bandwidth management, and more. Such a product could serve
a useful purpose on a stand alone server or as a component
of a LAN gateway.
Under this broader definition, a SPAM filter is a kind of
firewall (a mechanism for enforcing an access policy). While some
people are still debating the merits of filtering at the client
versus the server, both have their uses.
Relying exclusively on a firewall at the network perimeter can lead
to networks that appear hard on the outside but are soft and chewy
on the inside.
- Peter
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.