Re: How secure is our server?

Tech-Archive recommends: Fix windows errors by optimizing your registry

---

• From: Leythos <void@xxxxxxxxxxx>
• Date: Wed, 14 Nov 2007 15:46:15 -0500

---

In article <OGf9q3vJIHA.2176@xxxxxxxxxxxxxxxxxxxx>, joe@xxxxxxxxxxxxxx
says...

Leythos wrote:

In article <OJyKPUvJIHA.484@xxxxxxxxxxxxxxxxxxxx>, joe@xxxxxxxxxxxxxx
says...

Much of the difference between firewalls lies in the control and
monitoring, not the filtering,

I have yet to see a single cheap home "firewall" router that can tell
the difference between HTTP traffic on port 80 and any other traffic on
port 80.

I have yet to see a single cheap home router that can detect malformed
SMTP headers, reject messages based on size or content, can mask the
internal server name.

I have yet to see a single cheap home router that can apply multiple
different outbound HTTP rules based on the user/IP address of the
machine inside the network.

I have yet to see a single cheap home router than can remove cookies,
HTTP content, file downloads, etc... from http sessions.

I have yet to see a single cheap home router than can support 50
outbound or inbound PPTP sessions at the same time.

And the list could go on.

Of course. Nearly all of which requires attention to higher level
protocols than IP, which require correspondingly more processing power,
which costs more.

I was replying to a question about the relative merits of machines of
differing costs with respect to stateful packet filtering. I went on at
some point to mention that higher level protocol work needed more
hardware than the cheapies had.

Are we disagreeing on something?

Only in that I read that you were suggesting that "Much of the
difference between firewalls lies in the control and monitoring, not the
filtering". I completely disagree with that.

The largest difference in what firewalls provide, between the different
cost ranges, is how and what they can filter.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)
.

---

• References:
  • Re: How secure is our server?
    • From: Dave Nickason [SBS MVP]
  • Re: How secure is our server?
    • From: Mark
  • Re: How secure is our server?
    • From: Dave Nickason [SBS MVP]
  • Re: How secure is our server?
    • From: Joe
  • Re: How secure is our server?
    • From: Dave Nickason [SBS MVP]
  • Re: How secure is our server?
    • From: Joe
  • Re: How secure is our server?
    • From: Leythos
  • Re: How secure is our server?
    • From: Joe

• Prev by Date: Re: Remote Web Workplace Issue
• Next by Date: Re: certificate issues with Outlook 2007/Exchange 2003 on SBS
• Previous by thread: Re: How secure is our server?
• Next by thread: Remote Web Workplace Issue
• Index(es):
  • Date
  • Thread

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2007-11