On Mon, 14 Nov 2011 15:55:14 EST, Jay Ashworth said:

> On the other hand, since a firewall's job is to stop packets you don't want,

One of Marcus Ranum's "5 Stupidest Security Blunders" - "enumerating badness".
A firewall's job isn't to stop unwanted packets, it's to pass only wanted 
packets.

> if it stops doing its job as a firewall, it's likely to keep on doing its
> other job: passing packets.

As a result, a firewall that fails open rather than closed is mis-designed.

And if you're deploying a firewall and don't know if the failure mode is open or
closed, you probably get what you deserve when it fails.
