[Dshield] Firewalls, real and make-believe (Was: Unknown.level3.net:80 attempted to attack..., Was: ...Snake Oil...)

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Sat Aug 31 22:34:41 GMT 2002


list-admin at dshield.org <mailto:list-admin at dshield.org> scribbled on
Saturday, August 31, 2002 8:03 AM, on behalf of:

Bruce Lilly [blilly at erols.com]


Bruce, et al.

0) please accept warm appreciation for carrying in the torch of light.
Unfortunately, also causes smoke gets in the eyes.

1) Thank you also for considerately starting new thread when among other
things theorizing proper and improper use of restricted vocabulary [word
“firewall” in the English language] and the semantics involved.

2) Admittedly, your post enlightened the discussion further also from
the pragmatic viewpoint.

3) However, would you still prefer to answer the actual and factual,
simple questions originally asked?

4) Evidently did not succeed in expressing oneself clearly enough in the
original message.

5) However, would you still kindly prefer to answer the actual and
factual, simple questions originally asked?

6) Please, note the previous tendency of avoiding to theoretize a
practical discussion. If memory serves well, a set of definitions of
“firewall(s)” already kindly brought into the discussion earlier. Please
also see for Hypertext Webster Gateway (below).

7) Prefer keeping this discussion instead pragmatic.

8) Less academic approach, presenting practical hints more useful than
presentation of theories. However, we agree on much [in what you wrote
in this new thread].

9) Own motivation wells up from the naïve belief:

10) By advancing fellow community members’ general awareness of
alternative pragmatic countermeasures to security threats [we all are
facing] by enlightening one’s own experiences with practical tools, is
participating and taking responsibility.

11) Hence implicating will of “Carrying a stem of grass to the heap”.

12) Attempt to rephrase and additionally display the part of the
question and argumentation that evidently did not display (for the one
reader/responder) dispassionately enough.

a) The post was not brief.
b) When kindly merely quoted the Post Scriptum, which fact incidentally
does not show in citation, [the PS, which read as last item and
presented IN BRACKETS in the original post]
c) Perhaps overlooked the very beginning of the post or perhaps just got
exhausted?
d) Believing not to be an attempt to confuse or just roughly
underestimate fellow readers' intellect and attentiveness.
e) In dislike of doing so, however correcting the confusion and
excellent candidate for false claim made by respected Author of
Response:

> 
> Your "hardware-implemented" vs. "software-implemented"
> distinction makes no sense; a true firewall necessarily
> consists of hardware *and* software ...
> 

f) How does this differ from what written in the original post you
kindly commented?

(START QUOTE OF ORIGINAL POST :)
At first thought that "PFW" stood for "Physical Firewall" in opposite to
"Software [Implemented] firewall". - Soon understood it was rather
"Personal Firewall". Having a Hardware Implemented Firewall of ones own,
is that not a "Personal Firewall" as well?

Is not any Firewall both Software and Hardware Implemented?

In my opinion expressions "Software [implemented] Firewall" and Hardware
[implemented] Firewall" are good in the sense that they describe what
the implementation emphasizes on. Software and Hardware are common
impressions. So is "personal" but its meaning seem to vary.
(END OF CITATION)

g) Please, focus on the line (above) typographically presented on its
own. This will assist in answering the question raised by your question.
h) Prefer regarding it after all rather as a question than a candidate
for false claim.
j) Thank you in advance for addressing the difference.
k) However, please bear in mind the more than evident, lingual handicap
due to non-native, hence non-fluent command of the English language.
m) Any response, e.g. off-list in the less exotic Finnish language much
appreciated. :)  Interesting to see, though, how well understood.  ;)


13) When discussing in strict, in timeframe earlier adapted historical
name of its own, we have a perfect agreement on what meant by
“firewall”.

14) Not understanding what upsets so terrifically if using the word as a
part of another expression.

15) The evolvement of any language is steered by people using and
expressing themselves in that language.

16) People do not use specific terms in all contexts scientifically or
even semantically correctly.

17) As an example, please find below how (and only how) Hypertext
Webster Gateway enlightens this apparently dear word in expressions.
[Changes made in stylistic appearance only:]

(START QUOTE :)
The start page for this free service is
http://smac.ucsd.edu/cgi-bin/http_webster? .
At http://smac.ucsd.edu/cgi-bin/http_webster?firewall&method=exact
Hypertext Webster Gateway: "firewall"
>From WordNet (r) 1.7 (wn)
Firewall, noun 
1. (Informal) the application of maximum thrust: "he slammed the
throttle to the firewall"
2. Fireproof (or fire-resistant) wall designed to prevent the spread of
fire through a building 
>From The Free On-line Dictionary of Computing (9 Feb, 2002) (foldoc)
Firewall
1. {Firewall code}. 
2. {Firewall machine}.
(END QUOTE)

18) Therefore, please, also consider attempting to adapt a less
possessive attitude towards this unfortunately so commonly abused word.


19) Would you please kindly also like to address some simple questions
raised by story written?

> A true firewall necessarily must have:
> 1. a single well-defined connection point to the "outside"

A) What do you call this single, well-defined connection point?

> 2. a single well-defined connection point to the "inside"
>     (i.e. the network segment to be protected)

B) What do you call this single, well-defined connection point
technically?

> 3. filtering which controls what is or is not permitted to
>     pass between "outside" and "inside".

C) Is filtering easy to set up, i.e. by gullible or non-gullible
consumers of 19-century or 20-century, or home users in general?

D) What ensures that “implementation is bug-free and that there are no
sneak paths around any filtering”?

> By contrast, a firewall appliance or firewall built from a
> separate machine which performs only the firewall function
> can easily be tested since there is one physical network
> connection for the "outside" and one for the "inside", and
> it is possible to examine what is allowed through and what
> is stopped.

20) By “can easily be tested” (above) - Do you also here refer to
gullible or non-gullible consumers of 19-century or 20-century, or home
users in general?

21) I.e., do you mean to say “can easily be tested by home users ...
and it is hence possible also for a home user to examine what is allowed
through and what is stopped”.

<snip>
>
> ... will cure their ills, when in fact
> the product is incapable of providing such a cure.
>
<snip>

22) Not mixing with recovery products here are we.  ;)

23) Since you evidently possess the competence, would you also have the
kindness to answering the few, simple questions asked in this - and in
the original post as well. Thank you in advance.

24) Recommendations on “easy-to-implement-and-test-and-use” trust
firewall(s) for home users also warmly welcomed. Thanks in advance.


-Peter

"We all live under the same sky, but we don't all have the same
horizon." 
            Konrad Adenauer, (1876–1976); German statesman.





More information about the list mailing list