"About a million years ago I was designing and coding firewalls. I wrote pure proxy firewalls. OK, actually, I _invented_ pure proxy firewalls. You know what? I still think that, for security, it's The Way To Do It and everything else sucks. But the industry appears to disagree. That's OK, it's customer choice. But if I was reviewing product firewalls, guess which ones I'd say sucked and which didn't? If I developed a firewall testing methodology, NONE of the packet screens would have cut it. And people would have been able to accuse me of trying to promote my own product because my _beliefs_ and my _implementation_ were inseparable."
Wednesday, February 12, 2003
Marcus Ranum on Firewalls
Marcus Ranum, one of the smartest security visionaries around, made an interesting post on 31 Dec 02 to the Focus-IDS list. He's right, as usual, about several issues. I especially applaud his proxy firewall ideas: