The stateful packet inspection religious debate

Apollo apollo7771 at home.com
Thu Nov 8 18:48:47 CST 2001


So would it be safe to say that most hackers are opportunistic and are
likely to avoid firewall-protected systems?  I've seen many systems that are
on cable or DSL that have no firewall protection and have C: shared without
a password.  This is frighteningly common from what I've found, thanks to
dangerous morons or stupid OEMs.  So with thousands of easy Win 9x PCs out
on the internet begging to be fooled with, would it be reasonable to assume
that any form of firewall greatly reduces your chances of being hacked?  I
know that that can be taken too far, but when there is no way of anticipating
when you're going to be hacked it all comes down to probabilities...right?

btw, thanks for the info Bill.

> -----Original Message-----
> From: Bill Clark [mailto:bill at billclark.net]
> Sent: Thursday, November 08, 2001 10:52 AM
> To: kclug at kclug.org
> Subject: The stateful packet inspection religious debate
>
>
> Stateful packet filtering is an enhancement to dynamic packet filtering.
> This technology tries to make sense out of higher-level protocols and
> adapt filtering rules to accommodate protocol-specific needs. The stateful
> packet filter keeps track of state and context information about a session.
> This technology can be applied to the UDP protocol as well, setting up a
> virtual session, giving the illusion of security where no security exists.
>
> Some people contend that stateful packet filtering is safer and faster
> than application gateways (static filtering).  In my experience, and that
> of nearly everyone in the industry, the evidence shows that stateful packet
> inspection is faster than application gateways.
>
> However, many believe that stateful packet filtering is less secure and,
> even worse, gives a false sense of security.  Unless you work for
> Checkpoint or have been brainwashed by Checkpoint.  I have my CCSE and CCSA
> from Checkpoint so I was brainwashed too at one time.  Truthfully, either
> one of these technologies is going to protect or slow down the majority of
> attacks.  There is no way to prevent someone from denying you service or
> from breaking into your network.  Your only hope is to detect the event and
> respond before too much damage is done.  A firewall merely slows an
> attacker down.
>
> Bill
>
> bill at billclark.net
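
The UDP "virtual session" described in the quoted message, as an added example that is not part of either post: a toy state table in Python showing what a stateful filter has to go on for a connectionless protocol. The class name, the 30-second timeout and the documentation-range addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

UDP_TIMEOUT = 30  # seconds; assumed idle timeout for this sketch


@dataclass(frozen=True)
class Packet:
    ts: float        # arrival time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool   # True when sent from the protected network


class UdpStateTable:
    """Hypothetical filter: outbound creates state, inbound must mirror it."""
    def __init__(self, timeout=UDP_TIMEOUT):
        self.timeout = timeout
        self.flows = {}  # (inside ip, port, outside ip, port) -> last seen

    def check(self, p):
        if p.outbound:
            self.flows[(p.src, p.sport, p.dst, p.dport)] = p.ts
            return "ALLOW"
        key = (p.dst, p.dport, p.src, p.sport)
        last = self.flows.get(key)
        if last is None or p.ts - last > self.timeout:
            self.flows.pop(key, None)   # unknown or expired flow
            return "DROP"
        self.flows[key] = p.ts          # any match refreshes the timer
        return "ALLOW"


# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet(0, "192.0.2.10", 5353, "198.51.100.53", 53, True),    # query out
    Packet(1, "198.51.100.53", 53, "192.0.2.10", 5353, False),   # reply in
    Packet(2, "203.0.113.9", 53, "192.0.2.10", 5353, False),     # unsolicited
    # Same header tuple as the reply: UDP has no handshake or sequence
    # numbers, so the table has nothing else to validate it against.
    Packet(3, "198.51.100.53", 53, "192.0.2.10", 5353, False),
    Packet(100, "198.51.100.53", 53, "192.0.2.10", 5353, False), # after timeout
]


def run(packets):
    table = UdpStateTable()
    return [table.check(p) for p in packets]
```

`run(SAMPLE)` gives one verdict per datagram; the "session" exists only as a header tuple plus a timer, which is why detection and logging behind the filter still matter.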