Re: [fw-wiz] so much for "deny all"

• Previous message: Brian Loe: "RE: [fw-wiz] Ok, so now we have a firewall, we're safe, right?"
• In reply to: Tina Bird: "[fw-wiz] so much for "deny all""
• Next in thread: Tina Bird: "RE: [fw-wiz] so much for "deny all""
• Reply: Tina Bird: "RE: [fw-wiz] so much for "deny all""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Tina Bird" <tbird@precision-guesswork.com>
Date: Fri, 10 Jun 2005 14:21:09 -0400

This is very good publicity for firewall vendors not in the list who
provide a default "DENY ALL" in policy configuration. I'll enjoy
tormenting friends at these companies over this:-)

But the 2nd statement is very odd, don't you think? Not only is it
remarkably difficult to parse, but it flies in the face of (my)
experience.

Taking the source with a grain of salt, I find it hard to believe
that most enterprises change security vendors every five years.

Perhaps 100% of my clients buck this trend. Upgrades, yes.
Forklifting firewalls? I have yet to see this except in circumstances
where the prior firewall failed pitifully in enforcing policy.

On 7 Jun 2005 at 9:41, Tina Bird wrote:

> >From the TechTarget coverage of the Gartner Security Summit this
> >week:
>
> "Next generation firewalls that do deep-packet inspections from
> vendors like Juniper Networks, Check Point and Fortinet employ a
> heuristics engine and allow all network traffic and behavior, except
> those which policy says it must block. Most enterprises, however,
> refresh their firewall purchases on a three- to five-year cycle and
> that makes it challenging to synch new features."

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Brian Loe: "RE: [fw-wiz] Ok, so now we have a firewall, we're safe, right?"
• In reply to: Tina Bird: "[fw-wiz] so much for "deny all""
• Next in thread: Tina Bird: "RE: [fw-wiz] so much for "deny all""
• Reply: Tina Bird: "RE: [fw-wiz] so much for "deny all""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: [fw-wiz] so much for "deny all" ... >> vendors like Juniper Networks, Check Point and Fortinet employ a ... > This is very good publicity for firewall vendors not in the list who ... (if anyone in this politically correct time still indulges in multi-martini ... the company at which I did my first firewall install replaced the ... (Firewall-Wizards) Re: [fw-wiz] httport 3snf ... > Having worked in the Firewall support role at several companies, ... I had my CIO approve my security policy. ... time educating him about Internet risk. ... There's also a very good "at what point is the firewall now useless" ... (Firewall-Wizards) RE: Sandboxing ... the 3Com Embedded Firewall would be extremely useful and enabling (in ... your case) when you look at it in a VPN context. ... This security policy will accomplish quite a few things: ... During the Policy Server installation, ... (Focus-IDS) Re: Questions About Windows Firewall and Domain Policy Enforcement ... Can you please provide me with more detail with what you mean by connecting ... configure the firewall, namely group policy, net shell scripts, manual ... You can do this through group policy or a login script. ... > as there is no Standard Profile configured. ... (microsoft.public.win2000.group_policy) Re: Questions About Windows Firewall and Domain Policy Enforcement ... Can you please provide me with more detail with what you mean by connecting ... configure the firewall, namely group policy, net shell scripts, manual ... You can do this through group policy or a login script. ... > as there is no Standard Profile configured. ... (microsoft.public.windows.group_policy)