Re: [fw-wiz] so much for "deny all"

From: Dave Piscitello (dave_at_corecom.com)
Date: 06/10/05

    To: "Tina Bird" <tbird@precision-guesswork.com>
    Date: Fri, 10 Jun 2005 14:21:09 -0400
    
    

    This is very good publicity for firewall vendors not in the list who
    provide a default "DENY ALL" in policy configuration. I'll enjoy
    tormenting friends at these companies over this:-)

    But the 2nd statement is very odd, don't you think? Not only is it
    remarkably difficult to parse, but it flies in the face of (my)
    experience.

    Taking the source with a grain of salt, I find it hard to believe
    that most enterprises change security vendors every five years.

    Perhaps 100% of my clients buck this trend. Upgrades, yes.
    Forklifting firewalls? I have yet to see this except in circumstances
    where the prior firewall failed pitifully in enforcing policy.

    On 7 Jun 2005 at 9:41, Tina Bird wrote:

    > From the TechTarget coverage of the Gartner Security Summit this
    > week:
    >
    > "Next generation firewalls that do deep-packet inspections from
    > vendors like Juniper Networks, Check Point and Fortinet employ a
    > heuristics engine and allow all network traffic and behavior, except
    > those which policy says it must block. Most enterprises, however,
    > refresh their firewall purchases on a three- to five-year cycle and
    > that makes it challenging to synch new features."

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

