Re: [fw-wiz] so much for "deny all"

From: Rob Hughes (rob_at_robhughes.com)
Date: 06/11/05

  • Next message: Dave Piscitello: "RE: [fw-wiz] so much for "deny all""
    To: firewall-wizards@honor.icsalabs.com
    Date: Sat, 11 Jun 2005 11:15:57 -0500
    On Tue, 2005-06-07 at 09:41 -0700, Tina Bird wrote:
    > From the TechTarget coverage of the Gartner Security Summit this week:
    >
    > "Next generation firewalls that do deep-packet inspections from vendors like
    > Juniper Networks, Check Point and Fortinet employ a heuristics engine and
    > allow all network traffic and behavior, except those which policy says it
    > must block. Most enterprises, however, refresh their firewall purchases on a
    > three- to five-year cycle and that makes it challenging to synch new
    > features."

    This would be incorrect, at least with regards to CheckPoint boxes. The
    only way to produce the behavior they describe would be to add an
    explicit any any accept rule in the security policy. Of course,
    considering that it's Gartner, they may very well have done exactly
    that.

    -- 
    Ignorance is a condition. Stupidity is a way of life.
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
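An added example, not part of Rob's post and not Check Point's own tooling: a small Python linter over a constructed, simplified rulebase that flags the explicit any/any/accept rule he describes and the rules it shadows, so an auditor can confirm a policy is still default-deny. The rule fields and network names are assumptions.

```python
# Constructed, simplified rulebase representation (not Check Point's format).
from dataclasses import dataclass

ANY = "any"

@dataclass
class Rule:
    number: int
    src: str
    dst: str
    service: str
    action: str  # "accept" or "drop"

def is_allow_all(rule: Rule) -> bool:
    """True if the rule accepts any source, any destination, any service."""
    return (rule.action == "accept"
            and rule.src == ANY and rule.dst == ANY and rule.service == ANY)

def audit(rules: list[Rule]) -> list[str]:
    """Findings for a top-down, first-match rulebase.

    Assumes the implicit cleanup drop at the end, i.e. the default-deny
    behaviour the post says holds unless an explicit any/any/accept is added.
    """
    findings = []
    for i, rule in enumerate(rules):
        if is_allow_all(rule):
            findings.append(f"rule {rule.number}: explicit any/any/accept "
                            "turns the policy into allow-all")
            # First match wins, so every later rule is dead.
            for later in rules[i + 1:]:
                findings.append(f"rule {later.number}: shadowed by rule "
                                f"{rule.number}, never evaluated")
            break
    if not findings:
        findings.append("default-deny holds: no any/any/accept rule found")
    return findings

# Sample rulebase with the mistake the post describes (hypothetical names).
SAMPLE = [
    Rule(1, "internal_net", "dmz_web", "http", "accept"),
    Rule(2, ANY, ANY, ANY, "accept"),           # the explicit any any accept
    Rule(3, ANY, "internal_net", ANY, "drop"),  # dead: shadowed by rule 2
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```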
    
