Re: [fw-wiz] Evolution of Firewalls
From: Chunduru Rama Krishna Prasad (rkp_at_intotoinc.com)
Date: 03/09/04
- Previous message: Chris Blask: "Re: [fw-wiz] Evolution of Firewalls"
- Maybe in reply to: skpoo_at_pacific.net.sg: "[fw-wiz] Evolution of Firewalls"
- Next in thread: Devdas Bhagat: "Re: [fw-wiz] Evolution of Firewalls"
- Reply: Devdas Bhagat: "Re: [fw-wiz] Evolution of Firewalls"
- Reply: Marcus J. Ranum: "Re: [fw-wiz] Evolution of Firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <skpoo@pacific.net.sg>, <firewall-wizards@honor.icsalabs.com> Date: Tue, 09 Mar 2004 09:38:39 +0530
Hi Kang,
Application proxy firewalls run based on the applications. Example new
application comes in market again you have to write new application proxy .
Stateful packet inspection firewall is better than proxy firewalls.
Other things which you may would like to consider are:
1. Common attack detection and prevention.
2. ALG Support (There are some applications that don't work
without ALG support such as H.323, FTP, RTSP, SQL*NET,
based on your requirement DNS for twice NAT)
3. Performance.
4. Flexible user interface. 5. Type of NAT support.
6.Do vulnerability scanning for the firewall.Search in the internet for
utilities like nessus etc.,
Analyze your security requirements and make sure that firewall satisfies
your needs.
Regards,
RKP
At 11:56 PM 3/4/2004 +0800, skpoo@pacific.net.sg wrote:
>Hi, I am currently evaluating several types of firewalls for the company.
>
>Our team is currently debating if Stateful Deep Inspection firewall is
>going be the new technology to replace the Application Proxies firewall
>which deem to be most secure currently.
>
>I personally feel that Deep Inspection firewall is less reliable as we
>know that it only blocks what is known to be bad. This seems to be less
>effective and become an never-ending arm race where Deep Inspectioin
>firewall requires the most updated bad list all the time.
>
>On the other hand, Application Proxies firewall only allows what is known
>to be good. This makes the defence become more effective as we know good
>things do not change as frequently as bad things.
>
>Any input would be very much appreciated.
>
>Kang
>
>
>_______________________________________________
>firewall-wizards mailing list
>firewall-wizards@honor.icsalabs.com
>http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Chris Blask: "Re: [fw-wiz] Evolution of Firewalls"
- Maybe in reply to: skpoo_at_pacific.net.sg: "[fw-wiz] Evolution of Firewalls"
- Next in thread: Devdas Bhagat: "Re: [fw-wiz] Evolution of Firewalls"
- Reply: Devdas Bhagat: "Re: [fw-wiz] Evolution of Firewalls"
- Reply: Marcus J. Ranum: "Re: [fw-wiz] Evolution of Firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
