In article ,
Jon-Alfred Smith wrote:

Well, it isn't good enough for Checkpoint anymore. They have added AI
(Application Intelligence) protecting all the way from layer 3 up to
7. So has the Cisco PIX Secure Firewall.


Sure. It'd be silly not to include that kind of capability.
Also very non-competitive. But you can't tell me that an FW-1 or PIX
solution as deployed circa 2003 wasn't a genuine firewall and wouldn't
be one today.

Why wouldn't you consider, say, a Linux box using netfilter
a genuine firewall? That kind of basic setup is approximately equivalent
to the "original" PIX and FW-1 setups. And to come back on topic, why
wouldn't the MS firewall be considered a firewall? I don't completely
agree that a "firewall" MUST be a separate physical box with separate
physical interfaces. It does packet and application screening, and
if you stretch a bit you could say it manages connections between two
address spaces, the local socket space and the network socket space...

"the wharf rat" wrote in message
...
In article ,
Jon-Alfred Smith wrote:


I suggest that you drop "the wharf rat" a road kill like a hot potato. He
is loose again, and out of control.

"Mr. Arnold" MR. wrote in message
...


I have learned from the best in the FW and Security NG, my home base NG
the
first NG I went to way back in 2000. I leaned from the best. I leaned from
the ones who implement security and firewall solutions for a living.



You may have 'learned from the best', but you've missed the point.

The etymological purity of the term 'firewall' isn't the issue for the OP,
nor whether a textbook definition should take precedence over a perfectly
legitimate vernacular usage.


--
Jon

the wharf rat wrote:
In article ,
Mr. Arnold MR. wrote:
I think you had better learn what a FW is about and what FW technology is
about. NAT is not FW technology. NAT is mapping technology.


No single technology provides sufficient security to be called
a "real firewall". But NAT is certainly one of the tools available to help
secure a network.


In a limited sense, the moment you start to think that NAT is a security
solution, you just landed on the wrong side with me, because I know better.

And you really don't know anything about FW technology.



Checkpoint is a FW solution, and a solution that is a true FW solution will
ensure that only HTTP traffic comes down port 80 TCP and block any other
traffic trying to come down that port, as an example.

Bull****. That kind of protocol fixup is not a requirement of
a general firewall solution. You're overloading your terms. (The technical
term for *that* is amphiboly, BTW. It's very bad.)

Really Road Kill, because I talked with the experts about this, and
I don't consider you to be one of them.


A firewall is simply a device that manages and controls network
traffic. A simple nat gateway is a firewall. (Not a *good* firewall...)
So is an intelligent screening router that incorporates active response IDS.
Look at it this way: a Chevette is a car, right? So is a Ferrari, right?
It's like that.

http://www.vicomsoft.com/knowledge/r...irewalls1.html


Pffffttt. That's an infomercial not a technical paper.

Really Road Kill, you show me yours and I'll show you mine. I guess it
done't matter that I use a Watchguard and know what they are about.


I have learned from the best in the FW and Security NG, my home base NG the
first NG I went to way back in 2000.


Lol. "I'm a security expert. I read all about it on Usenet!"


LOL, you point out to me where I said I was a secuirty expert. You
point the words out. I never clamied that, and I never said that. I will
say that I know more that the average Joe Blow home user, which you fit
in to that category.

There is something wrong with you.


You're so funny.


Let me remind you of my take on you, you are yesterday's, today's and
all days in the future *clown*, and don't you ever forget that.

And you call yourself a computer man jack of all trades master of none
do you, which you through up in my face about the expertise that you
have starting with DRM and DVD(s) and who you are and I should respect
that and you?

Like I told you, the company you work for, they should have fired you
long ago.

You have no credibility with me based on your previous actions and lack
thereof with knowledge.

I think you have some real mental issues you need to address, because
it's showing.

I am real close to tossing you into the trash can, because once again,
you are NOT talking about something that I don't already know, and you
have gone out of control.

"Jon" wrote in message
...

"Mr. Arnold" MR. wrote in message
...


I have learned from the best in the FW and Security NG, my home base NG
the
first NG I went to way back in 2000. I leaned from the best. I leaned
from
the ones who implement security and firewall solutions for a living.



You may have 'learned from the best', but you've missed the point.

No I have not missed the point. I know exactly what is not a FW solution and
what is a FW solution, And I know that Vista's packet filter and 3rd party
FW solutions are not firewall solutions. A NAT router for home usage is not
a true FW solution. It is an effective border device, but it's not a FW
solution in the traditional sense.


The etymological purity of the term 'firewall' isn't the issue for the OP,
nor whether a textbook definition should take precedence over a perfectly
legitimate vernacular usage.

I'll go for the technical term of it, and what I know it to be.

On Wed, 16 Jan 2008 14:14:10 +0000 (UTC), (the wharf
rat) wrote:

In article ,
Jon-Alfred Smith wrote:

Well, it isn't good enough for Checkpoint anymore. They have added AI
(Application Intelligence) protecting all the way from layer 3 up to
7. So has the Cisco PIX Secure Firewall.

Sure. It'd be silly not to include that kind of capability.
Also very non-competitive. But you can't tell me that an FW-1 or PIX
solution as deployed circa 2003 wasn't a genuine firewall and wouldn't
be one today.

I don't disagree with you at all. Sure these are / were firewalls.
However, at about that time (or a bit before) it became obvious that
IBM's ASICs (packet-filtering, SPI) had severe limitations. Excellent
and lightning fast for blocking at the outer onion level.

But applications weren't playing by the rule anymore, using
well-defined ports. For instance port 80 has become next-to a
catch-all port. This makes it necessary to filter at the application
layer, and it is very impractical to do this with hardware; software
is much more flexible (and slower).

Why wouldn't you consider, say, a Linux box using netfilter
a genuine firewall?

I do, I used the forerunner ipchaines for several years, on
workstations and dedicated firewall boxes.

[Slightly edited]
I don't completely
agree that a "firewall" MUST be a separate physical box with separate
physical interfaces.

Not at all, I'm working with Small Business Server. With the Premium
Edition ISA Server 2004 is included, running on a combined DC and
Exchange server. This setup has always been a bit controversial, but
it works extremely well: Some ASIC-based firewall at the edge, and ISA
taking care at the application level, checking for legal and illegal
commands if you, say, publish Outlook Web Access at port 443.

And to come back on topic, why
wouldn't the MS firewall be considered a firewall?
It does packet and application screening, and
if you stretch a bit you could say it manages connections between two
address spaces, the local socket space and the network socket space...

My opinion is: they are, with a varying degree of protection and
efficiency, that is XP/SP2, FW with Vista, Network Threat Protection
(part of Symantec Endpoint Protection) and so on.

jas

In article ,
Mr. Arnold wrote:

No single technology provides sufficient security to be called
a "real firewall". But NAT is certainly one of the tools available to help
secure a network.

In a limited sense,

Well, you certainly have limited sense. What part of "But NAT is
certainly one of the tools available to help secure a network" equates to
"NAT is a security solution" in your mind?


And you really don't know anything about FW technology.

But I read all about it on Usenet!!!!

I talked with the experts about this

Yes, and I'm sure the lurkers support you too.

You have no credibility with me based on your previous actions and lack
thereof with knowledge.

Hey, dude, grammar counts, k?

In article ,
Jon-Alfred Smith wrote:

For instance port 80 has become next-to a catch-all port.

For sure. Seems like the only thing you don't see on that one
any more is HTTP.

(That's a joke, Arnold, so don't get your panties in a wad, k?)

On Tue, 15 Jan 2008 09:37:10 GMT, "*^&%$$#*%!"
wrote:

An issue I have come across with Vista's firewall outbound blocking is that
it blocks Microsoft update. I have figured out how to fix it by unblocking
wuapp.exe and svchost.exe. Vista complained about me unblocking svchost.exe
though as it said it may conflict with it's own internal rules settings.
What I am doing for now is enabling the rule for svchost.exe to check for
updates and then disable the rule the rest of the time. Is that the best way
around this issue? Why could'nt Microsoft have made Windows Update unblocked
by default? Even some 3rd party Firewalls know to unblock certain apps by
default.


Wait a minute, that might be the gest way to use Windows Update,
blocked.

thetruthhurts @homail.com wrote:

On Tue, 15 Jan 2008 09:37:10 GMT, "*^&%$$#*%!"
wrote:


An issue I have come across with Vista's firewall outbound blocking is that
it blocks Microsoft update. I have figured out how to fix it by unblocking
wuapp.exe and svchost.exe. Vista complained about me unblocking svchost.exe
though as it said it may conflict with it's own internal rules settings.
What I am doing for now is enabling the rule for svchost.exe to check for
updates and then disable the rule the rest of the time. Is that the best way
around this issue? Why could'nt Microsoft have made Windows Update unblocked
by default? Even some 3rd party Firewalls know to unblock certain apps by
default.



Wait a minute, that might be the gest way to use Windows Update,
blocked.

You need to actually have Vista before making any more comments about it
you idiot!
Frank