RE: [fw-wiz] Multiple firewalls from different manufactureres
From: Paul D. Robertson (paul_at_compuwar.net)
Date: 01/29/05
- Previous message: Paul D. Robertson: "RE: [fw-wiz] Multiple firewalls from different manufactureres"
- In reply to: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Multiple firewalls from different manufactureres"
- Next in thread: Joseph S D Yao: "Re: [fw-wiz] Multiple firewalls from different manufactureres"
To: MHawkins@TULLIB.COM
Date: Fri, 28 Jan 2005 20:20:20 -0500 (EST)
On Fri, 28 Jan 2005 MHawkins@TULLIB.COM wrote:
> Yes but PLAs are reprogrammable. Sort of like EPROM or EEPROM. At least they
> can be swapped out.
>
> Imagine a PCI-like "security" slot that is where you plug in your "secured
> protocol module".
>
It's difficult enough getting folks to update their software.
> Sure, converting an RFC into something that works in a PLA would be tough.
> But doable.
Whose implementation?
> And actually IPSec is a great example where ASICs have been developed to
> handle the algorithms along with parts of the layer 3 implementation.
It's also a great example of why doing so isn't the easiest task on the
planet for a single protocol, let alone the number a firewall should deal
with. When two products from the same vendor can't intercommunicate,
things are not good. Take the amount of time it took to get IPSec to even
work with PSKs...
> Of course, you would want to ensure that you could upload new code to the
> PLAs (or swap them out) - in a secure manner.
The more difficult it is to update, the less updating will happen.
>
> Imagine if I could put a card into my pc that matched virus signatures
> instead of using all those CPU cycles having it done in software.
I can't imagine opening a PC every week to swap out cards, and it's still
in software, it's just the software gets loaded on chip.
You're still going to have to wait on something, no matter where you do
it.
I've got a better solution: change platforms. I haven't run AV software
in at least a dozen years, a true zero cycle solution ;)
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards