[unisog] Firewalls vs ACLs

oldtimer at hush.com oldtimer at hush.com
Fri Aug 22 02:35:54 GMT 2003

This is not really related to edu matter but a friend mentioned that
this list is quite friendly so here it goes.


Let us say security is your only concern, and bandwidth cost, who is going
where.... are not an issue; why would you use a firewall compared to
an ACL?

I work as a help desk officer at a company which does not have a firewall
and only uses ACLs. Every time we want to make a change to the ACL we can
only fax it to the parent company, no web interface, no email. It is
extremely difficult to test and modify.

I would like to get some feedback from people as to what are the weaknesses
of ACLs and why someone would get a firewall.

Some thoughts:
1) Easier to control and make changes
2) Firewalls are smarter (e.g. passive ftp issue where you have to allow
   all incoming traffic originating from ftp-data to reach any machine)
3) At least we get to see the logs and if a trojan tries to call home
   we know about it.
4) Firewalls could make sure that if you open up port 80, only http traffic
   would go through.

Your feedback is greatly appreciated 


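Added example, not part of the original post: a small Python model of the FTP data-channel case raised in item 2, comparing a static port-based ACL with a filter that tracks the control connection. The addresses, ports and packets are constructed, and the ACL rule shape (permit inbound TCP from source port 20 or 21 to ports 1024 and above) is an assumption about a typical static rule set.

```python
# Added illustration; packets, addresses and rule shapes are constructed.
import re
from dataclasses import dataclass

PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool          # True = arriving from outside the site
    payload: str = ""

def stateless_acl(pkt):
    """Static ACL: every packet is judged alone, on ports only (assumed rule)."""
    if not pkt.inbound:
        return True
    return pkt.sport in (20, 21) and pkt.dport >= 1024

class StatefulFilter:
    """Tracks outbound flows and opens one pinhole per announced data port."""
    def __init__(self):
        self.flows = set()     # (inside, iport, outside, oport) seen outbound
        self.expected = set()  # (server, client, client_port) from PORT commands

    def allow(self, pkt):
        if not pkt.inbound:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            m = PORT_RE.search(pkt.payload) if pkt.dport == 21 else None
            if m:
                n = [int(x) for x in m.groups()]
                ip = ".".join(str(x) for x in n[:4])
                if ip == pkt.src:  # ignore PORT naming some other inside host
                    self.expected.add((pkt.dst, ip, n[4] * 256 + n[5]))
            return True
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return True        # reply on a connection opened from inside
        key = (pkt.src, pkt.dst, pkt.dport)
        if pkt.sport == 20 and key in self.expected:
            self.expected.discard(key)   # pinhole is single use
            self.flows.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True
        return False

def demo():
    fw = StatefulFilter()
    traffic = [
        Packet("10.0.0.5", 40000, "192.0.2.10", 21, False, "PORT 10,0,0,5,195,80\r\n"),
        Packet("192.0.2.10", 20, "10.0.0.5", 50000, True),   # announced data channel
        Packet("198.51.100.7", 20, "10.0.0.9", 3306, True),  # unsolicited, source port 20
    ]
    return [(stateless_acl(p), fw.allow(p)) for p in traffic]
```

Each pair returned by `demo()` is (static ACL verdict, stateful verdict). The third packet passes the static ACL purely because of its source port, while the stateful filter drops it because no control connection announced that destination.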