Re: [fw-wiz] What is the difference between stateful packet filtering and Stateful pkt inspection ?
From: Volker Tanger (volker.tanger@discon.de)
Date: 01/31/03
- Next message: Balazs Scheidler: "Re: [fw-wiz] Best-of-breed Proxies (was Re: Proxy Firewalls ...)"
- Previous message: Martin Peikert: "Re: [fw-wiz] Acqusition of time"
- In reply to: anil bindal: "[fw-wiz] What is the difference between stateful packet filtering and Stateful pkt inspection ?"
- Next in thread: Frederick M Avolio: "Re: [fw-wiz] What is the difference between stateful packet filtering and Stateful pkt inspection ?"
- Reply: Frederick M Avolio: "Re: [fw-wiz] What is the difference between stateful packet filtering and Stateful pkt inspection ?"
- Reply: Mikael Olsson: "Re: [fw-wiz] What is the difference between stateful packet filteringand Stateful pkt inspection ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Volker Tanger <volker.tanger@discon.de> To: anil bindal <bindal@dcmtech.co.in> Date: Fri Jan 31 11:22:53 2003
Greetings!
anil bindal wrote:
> 1) What is the difference between a stateful pkt filter and stateful
> packet inspection ?
http://wyae.de/secure_gateway/gateways.php
> 2) Does any of above two include the payload verificaion and analysis (
> i.e. application level Proxies !)?
Only the "inspection" ones - but inspection quite often is limited (in
most cases to parts of HTTP).
> 3) What does the WG FB 1000 do ? Stateful Pkt Inspection or Stateful Pkt
> filtering ?
> 4) What does the WG V60 do ? SPInspection or SPfiltering ?
Stateful - definitely. And I guess some inspection for HTTP - but
nothing I know of (please correct me) for other protocols.
> 5) Does the Watch Guard http-filter rule does the same processing on the
> packet as the check point or CISCO PIX rule ??
No. CheckPoint and PIX use (transparent) proxies (called "ressource" or
"fixup") when filtering. But CKP has quite some inspection for a number
of other protocols - especially when it comes to RPC handling, I do not
know any product coming near. Again: please correct me, if I missed
something here.
> 6) Lastly is the stateful packet ( filter or inspection whatever the WG
> boxes do ) sufficient from the security point of view ( no application
> level proxies ? )
Depends on the level and quality of inspection - and of the proxy, of
course. In real-world products proxies are usually a bit better/strict
with respect to security (e.g. checking for RFC conformity).
> why all above questions are being asked is bcose i want to decide on
> either FB 1000 or V60. One of them has BW management and other does not
> have the application level proxies ??
The FB1k has (taken from feature-list) only 4 proxies with
data-sanitation: http, ftp, smtp, dns. If you use e.g. an anti-virus
gateway for these, you'll automatically have most of these features on
the AV gateway. OTOH the Vseries generally is faster with respect to VPN
and has QoS-Mgmt.
> What level of security will i compromise if i decide on V60 with BW
> management ??
What do you need the FW for? What is your 2nd/3rd/4th line of defense?
Bye
Volker Tanger
IT-Security Consulting
-- discon gmbh Wrangelstraße 100 D-10997 Berlin fon +49 30 6104-3307 fax +49 30 6104-3461 volker.tanger@discon.de http://www.discon.de/
- Next message: Balazs Scheidler: "Re: [fw-wiz] Best-of-breed Proxies (was Re: Proxy Firewalls ...)"
- Previous message: Martin Peikert: "Re: [fw-wiz] Acqusition of time"
- In reply to: anil bindal: "[fw-wiz] What is the difference between stateful packet filtering and Stateful pkt inspection ?"
- Next in thread: Frederick M Avolio: "Re: [fw-wiz] What is the difference between stateful packet filtering and Stateful pkt inspection ?"
- Reply: Frederick M Avolio: "Re: [fw-wiz] What is the difference between stateful packet filtering and Stateful pkt inspection ?"
- Reply: Mikael Olsson: "Re: [fw-wiz] What is the difference between stateful packet filteringand Stateful pkt inspection ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
