
Safer Firewalls


December 1996 / International Features / Same Security for All? / Safer Firewalls

Ask a network manager at a large company about the effectiveness of a firewall, and he or she will likely admit that it's impossible to ensure that all access permissions across all firewalls are 100 percent consistent and secure. The lack of manageability of many firewalls is one reason why the CCv.1 aims to improve and clarify existing architectures.

In addition, the CCv.1 is intended to provide auditing capability, a certain level of assurance in security functions, and a criterion for firewall deployment in commercial environments with flexible access-control policies. The Firewall Protection Profile of the CCv.1 describes in essence the state of the art in firewall technology and demands stronger auditing functions -- a feature that's required by many users.

However, the CCv.1 has been roundly criticized for covering only the transport-packet level and for not being demanding enough in terms of security on higher-level Open Systems Interconnection (OSI) layers and the logical structure of firewalls. Critics say that the CCv.1's Packet Filter Firewall (PFFW) protection profiles support the better-than-nothing mentality of many of today's security solutions and lack an overall concept.

In principle, the critics' arguments go, the philosophy of firewalls -- isolating yourself -- is contrary to the open-network philosophy of the Internet. As soon as more-secure internal enterprise-security systems are installed and strong data encryption is accepted internationally, mere transport-packet firewalls might become obsolete.


Copyright © 2005 CMP Media LLC