Re: [fw-wiz] Evolution of Firewalls

• Previous message: Dave Piscitello: "Re: [fw-wiz] Evolution of Firewalls"
• In reply to: Dave Piscitello: "Re: [fw-wiz] Evolution of Firewalls"
• Next in thread: Dave Piscitello: "Re: [fw-wiz] Evolution of Firewalls"
• Reply: Dave Piscitello: "Re: [fw-wiz] Evolution of Firewalls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Dave Piscitello <dave@corecom.com>, <skpoo@pacific.net.sg>, <firewall-wizards@honor.icsalabs.com>
Date: Mon, 08 Mar 2004 15:14:46 -0500

At 02:37 PM 3/8/2004 -0500, Dave Piscitello wrote:
>Lots of names for the same security functionality: examining application
>headers and application data streams for attacks and blocking them. You
>can and some vendors still do this using proxy architecture, while some
>use the same stateful packet inspecting methods they used to examine
>network protocol headers.

well, yeah but not really. That is the problem. All different names for
slightly different ways of doing things. The the devil is in the
difference. But some people have lost those differences in the marketing
noise, if they ever understood the differences.

>The most secure firewall? Probably has less to do with proxy vs. stateful
>inspection than policy, implementation/configuration, and the admin at the
>policy console.

I disagree. Both are important. The greatest policy then only gives you as
much security as your security mechanisms will allow.

Fred

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Dave Piscitello: "Re: [fw-wiz] Evolution of Firewalls"
• In reply to: Dave Piscitello: "Re: [fw-wiz] Evolution of Firewalls"
• Next in thread: Dave Piscitello: "Re: [fw-wiz] Evolution of Firewalls"
• Reply: Dave Piscitello: "Re: [fw-wiz] Evolution of Firewalls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]