General discussion


Are packet filters enough?

By fimos ·
I have a situation where a client claims that its 50+ public facing servers are sufficiently protected from malicious attacks by a router configured with ACLS to limit access to only the services and ports required by the servers. I am of the position that a stateful inspection firewall is necessary to better protect the servers.

In the most obtimsitic of situations, where the hosts are monitored closely and regularly patched for vulnerabilities, a packet filter could be enough. There need to be controls in place, however, to guarantee that the patches and monitoring are being performed.

Does anyone have any information on the benefits of a stateful inspection firewall over a packet filter?

Thank you,

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by ISPnetworker In reply to Are packet filters enough ...

The security needs are fully dependent on the application(s) running on the servers. Router ACLs, either static or dynamic, are capable of providing adequate security. A multi-tierred security model may provide additional protection, but the increased complexity and support requirements must be weighed against the actual and perceived benefits.

In any case, all servers must receive accurate and timely maintenance; otherwise they will likely become the achiles heel of your network.

Collapse -

by fimos In reply to

Poster rated this answer.

Collapse -

by fimos In reply to Are packet filters enough ...

This question was closed by the author

Related Discussions

Related Forums