RE: [fw-wiz] Firewalls Compared

From: Laura Taylor (ltaylor_at_relevanttechnologies.com)
Date: 06/27/04

    To: <ark@eltex.net>
    Date: Sun, 27 Jun 2004 10:57:01 -0400
    
    

    NuqneH,

    Thanks for the feedback...it's something I'll keep in mind for future
    articles and I really value your constructive comments.

    One thing to know is that each of the ZDNet articles was supposed to be no
    longer than 600 words. It's hard to get very much in depth in such a short
    piece so I really could only touch on things at a high level. I agree that
    logging was mentioned too briefly...which is why at a later point in time I
    wrote a column called "Read Your Firewall Logs!" which you can find via
    Google. The content length for the Jupiter Media article is 1500 words which
    is why it is longer. It's often a requirement that you keep your article
    within a certain number of words so you may have only a limited amount of
    space to get to the point. Maybe at some point I can write an article on the
    advantages and disadvantages of "order independent rule checking."

    Laura

    -----Original Message-----
    From: ArkanoiD [mailto:ark@eltex.net]
    Sent: Sunday, June 27, 2004 4:31 AM
    To: Laura Taylor
    Cc: firewall-wizards@honor.icsalabs.com
    Subject: Re: [fw-wiz] Firewalls Compared

    nuqneH,

    I've found that the articles are written from a "packet filter" point of
    view, paying almost no attention to application protocol support and
    advanced features besides virus scanning, thus it appears like it does
    not matter if a firewall can enforce application security policy with
    proper granularity. And - again - no difference for protecting servers
    vs protecting workstations.

    "order-independent rule checking" is a more than questionable feature;
    there are "first match" and "last match" rulesets and I think it's much
    better to keep it clear which method is used rather than utilize some
    wicked AI to decide ;-)

    Logging/reporting capabilities are mentioned too briefly, though it is
    the most important thing to know what happens on the firewall (you cannot
    just read the whole daily syslog every morning ;-)

    On Sat, Jun 26, 2004 at 09:06:17AM -0400, Laura Taylor wrote:
    >
    > I would have responded sooner but I was under some tight deadlines to get
    > some work done....
    >
    > I wrote some articles on how to buy a firewall a few years ago. They are a
    > little dated in that there are some new features and functionality that
    > exist on leading products today that did not exist when I wrote these
    > articles. However, many of the basic principles still exist, and some of
    > the tips might at least help you get going in selecting a firewall.
    >
    > Firewall Shopping 101
    > http://www.intranetjournal.com/articles/200202/se_02_13_02a.html
    > February 13, 2002
    >
    > Select the Right Firewall: Part 1
    > http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2694089,00.html
    > March 8, 2001
    >
    > Select the Right Firewall: Part 2
    > http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2700852,00.html
    > March 25, 2001
    >
    > If you decide to read these articles, let me know if you find any
    > mistakes. I might not have had enough cups of coffee when I wrote them and
    > if I write any new articles on this topic, I am always open to suggestions
    > for improvements.
    >
    > In my not so copious free time, I am working on a dynamic spreadsheet that
    > mathematically tabulates firewall decision-making and selection by
    > components. However, being a single Mom with a full-time job doesn't leave
    > me much time to do the fun stuff so it will be a while before this is
    > anywhere near finished....
    >
    > Laura Taylor
    > Relevant Technologies, Inc.
    > www.relevanttechnologies.com
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
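
The "first match" versus "last match" distinction raised in the thread, as an added example that is not part of the original messages: the same ordered rule list is evaluated both ways and the packets that get different verdicts are listed. The rule format, addresses (RFC 5737 documentation ranges) and function names are constructed for illustration and do not follow any product's syntax.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dport: Optional[int]   # destination port, None means any port

class Packet(NamedTuple):
    src: str
    dport: int

# Constructed ruleset; anything that matches no rule falls to the default.
RULES = [
    Rule("allow", "192.0.2.0/24", 25),     # mail network may reach SMTP
    Rule("deny", "192.0.2.66/32", None),   # one quarantined host
    Rule("allow", "0.0.0.0/0", 80),        # anyone may reach the web server
]

# Constructed sample traffic.
PACKETS = [
    Packet("192.0.2.10", 25), Packet("192.0.2.66", 25),
    Packet("192.0.2.66", 80), Packet("198.51.100.7", 80),
    Packet("198.51.100.7", 22),
]

def matches(rule: Rule, pkt: Packet) -> bool:
    in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
    return in_net and rule.dport in (None, pkt.dport)

def evaluate(rules, pkt, method, default="deny"):
    """Verdict under 'first' or 'last' match semantics.
    A real first-match engine stops at the first hit; collecting every hit
    here gives the same verdict and keeps the two methods side by side."""
    hits = [r.action for r in rules if matches(r, pkt)]
    if not hits:
        return default
    if method == "first":
        return hits[0]
    if method == "last":
        return hits[-1]
    raise ValueError("method must be 'first' or 'last'")

def disagreements(rules, packets):
    """Packets whose verdict depends on the evaluation method."""
    pairs = [(p, evaluate(rules, p, "first"), evaluate(rules, p, "last")) for p in packets]
    return [t for t in pairs if t[1] != t[2]]

if __name__ == "__main__":
    for pkt, first, last in disagreements(RULES, PACKETS):
        print(f"{pkt.src}:{pkt.dport} first-match={first} last-match={last}")
```

Running such a comparison over a ruleset before moving it between products with different evaluation methods shows which rules are shadowed under each method; here the quarantine rule is bypassed for SMTP under first match and for HTTP under last match.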

