Re: [fw-wiz] GIDS, Intrusion Prevention: A Firewall by Any Other Name

From: Ryan Russell (ryan@securityfocus.com)
Date: 08/12/02


From: Ryan Russell <ryan@securityfocus.com>
To: Crispin Cowan <crispin@wirex.com>
Date: Mon Aug 12 19:19:01 2002

So, if I may summarize your question: "Don't buzzwords suck, and isn't
this a firewall"? To which I respond: define firewall.

From what I understand about Barnyard (and that I assume others do as
well) is that it will "normalize" packets to some degree, use IDS-style
rules, and add blocking. One could easily argue that firewalls should
have been able to do the packet normalization and much more granular rules
for years. I'm aware of very few that do. Most people can only point to
a box of parts or manuals and CDs, and call that a "firewall". Based on
what those do, and what Barnyard does, they are not quite the same beast.
If you want to use the broad, conceptual definition of "firewall", then
they are firewalls.

Network switches are nothing but bridges, but the two different words serve
to inform the consumer that each product does something a little
different.

I think a more interesting question is: if GIDS is the new "firewall",
then why did firewalls running on top end PCs max at 100mbps or so with
just a few dozen rules and terribly simple filtering capabilities... while
a GIDS with much more interesting filtering capabilities and a few
thousand rules can also do the same? Did PCs just get that much faster?

(I think part of the answer has to do with the fact that IDS' are much
less concerned with various groups of IP addresses, like inside, outside,
DMZ, web_servers, etc...)

                                                Ryan


