Re: [fw-wiz] Evolution of Firewalls

From: ArkanoiD (ark_at_eltex.ru)
Date: 03/09/04

    To: Dave Piscitello <dave@corecom.com>
    Date: Tue, 9 Mar 2004 12:24:33 +0300
    
    

    nuqneH,

    There is a major difference: a proxy does analysis and reconstructs the data
    stream from the analysed data, and a stateful inspection system can only decide
    to let it pass or not. The impact is obvious: it is much more likely for
    a stateful inspection system to miss a thing that is not known to it or to
    exploit a bug when the inspection system parses data differently from
    the communication endpoint. The proxy output stream, not only the general
    verdict, depends on parsing results.

    YMMV and it is implementation dependent; a bad proxy may implement
    a protocol without proper detail and a good stateful inspection engine
    may behave better, but proxy technology in general is clearly superior
    for the real world.

    On Mon, Mar 08, 2004 at 02:37:02PM -0500, Dave Piscitello wrote:
    > Stateful inspection, deep packet inspection, application protection,
    > application intelligence, application aware ...
    >
    > Lots of names for the same security functionality: examining application
    > headers and application data streams for attacks and blocking them. You can
    > and some vendors still do this using proxy architecture, while some use the
    > same stateful packet inspecting methods they used to examine network
    > protocol headers.
    >
    > The most secure firewall? Probably has less to do with proxy vs. stateful
    > inspection than policy, implementation/configuration, and the admin at the
    > policy console.
    >
    > At 08:48 PM 3/7/2004 -0500, Frederick M Avolio wrote:
    > >At 11:56 PM 3/4/2004 +0800, skpoo@pacific.net.sg wrote:
    > >>... Our team is currently debating if Stateful Deep Inspection firewall
    > >>is going to be the new technology to replace the Application Proxies
    > >>firewall which is deemed to be most secure currently. ...
    > >
    > >At the risk of being obvious -- or worse, being called a dinosaur :-), It
    > >depends. Do you care more about usability or security? When push comes to
    > >shove is it more important to never stop a connection at the risk of the
    > >possibility of something bad slipping through? It really is as simple as
    > >that. I tell people in one of my classes, you hear about it if you
    > >misconfigure your firewall to reject a required action, but will rarely
    > >hear about it if you allow too much through. (I stated it as "You always
    > >hear about conservative errors but rarely about liberal ones," but that
    > >could be taken wrong now-a-days.)
    > >
    > >Fred
    > >
    > >_______________________________________________
    > >firewall-wizards mailing list
    > >firewall-wizards@honor.icsalabs.com
    > >http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


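The difference described in the message above, between a pass/block verdict that forwards the original bytes and a proxy whose output is rebuilt from what it parsed, shown as an added example that is not part of the original thread. The toy "Key: value" protocol, the policy and all function names are hypothetical; the sample input is constructed.

```python
# Added illustration: toy "Key: value" line protocol; every name is hypothetical.
KNOWN_KEYS = ("action", "target")      # fields the gateway understands
FORBIDDEN_ACTIONS = {"delete"}         # constructed policy for the example

def parse(raw: bytes, last_wins: bool) -> dict:
    """Parse header lines; duplicates resolve to the first or the last value."""
    fields = {}
    for line in raw.decode("ascii").splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue                   # not a header line
        key = key.strip().lower()
        if last_wins or key not in fields:
            fields[key] = value.strip()
    return fields

def allowed(fields: dict) -> bool:
    return fields.get("action") not in FORBIDDEN_ACTIONS

def inspect_and_forward(raw: bytes):
    """Inspection: verdict only. On 'pass' the original bytes go through."""
    return raw if allowed(parse(raw, last_wins=False)) else None

def proxy_and_forward(raw: bytes):
    """Proxy: the output stream is rebuilt from the parsed fields."""
    fields = parse(raw, last_wins=False)
    if not allowed(fields):
        return None
    lines = [f"{k.capitalize()}: {fields[k]}" for k in KNOWN_KEYS if k in fields]
    return ("\r\n".join(lines) + "\r\n").encode("ascii")

def endpoint_action(forwarded):
    """Endpoint resolves duplicates differently from the gateway (last wins)."""
    return None if forwarded is None else parse(forwarded, last_wins=True).get("action")

# Constructed sample: duplicated key plus a field the gateway does not know.
SAMPLE = b"Action: read\r\nTarget: report.txt\r\nX-Unknown: 1\r\nAction: delete\r\n"

if __name__ == "__main__":
    print("inspection ->", endpoint_action(inspect_and_forward(SAMPLE)))
    print("proxy      ->", endpoint_action(proxy_and_forward(SAMPLE)))
```

Both gateways use the same first-wins parser and the same policy; only the proxy's output is limited to what that parser understood, so the endpoint's different duplicate handling has nothing left to disagree about.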