Re: [fw-wiz] Dark Reading: Firewalls Ready for Evolutionary Shift


"Marcus J. Ranum" <mjr@xxxxxxxxx> wrote:

George Capehart wrote:
Some light reading for the weekend . . . Thought it'd stir the pot a
bit more for the "Firewalls that generate new packets . . ." thread. ;>

http://www.darkreading.com/document.asp?doc_id=140121&f_src=drweekly

[snip]
"Next Generation firewalls"? Gosh, oh, golly - it sounds like what
they're calling "Next Generation firewalls" are kinda sorta like
"what firewalls were supposed to do all along."
[snip]

Everything that's old is new again?

Hasn't this been on the horizon a couple years or so, now? ISTR
starting to hear about application proxies again a couple years ago or
so. I recall laughing, at the time, about how it seemed "security
experts" and admins were going to re-discover something that's been
around for, well, quite a long time.

How sad.

Not to haul this thread off-subject or off-topic, but, ironically:
Coincident with this discussion, here, there is running on another
mailing list to which I'm subscribed a discussion about the email spam
and email-borne malware problem and somebody suggested (paraphrased)
"Maybe if some of the relevant RFC's "should"s and "should not"s were
be turned into "must"s and "must not"s?" Such as "HELO/EHLO MUST
consist of." The other idea floated was that Postel's Robustness
Principle is archaic.

Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.linxnet.com/contact/scform.php>.



Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.linxnet.com/contact/scform.php>.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages

  • Re: Help with finding hardware firewall that acts like software firewall
    ... level but do not truly control things as per specific program executable. ... They are basically filtering the application data within the packets. ... protection provided by some of the personal firewalls, ... > responsible for using a specific port or ports. ...
    (comp.security.firewalls)
  • Re: [fw-wiz] Query: Role of Firewalls within a SAN environment itself not just the periphery
    ... Yes, both protocols run IP "on top" and both run on fiber but to be able to put a firewall and/or filtering device between hosts, FC switches, or disk you're talking a whole different animal. ... I am wondering what your view point is with respect to firewalls within a Storage Area Network (SAN) environment. ... would it not also be wise to install firewalls either network-based or locally on end SAN systems to provide defense in depth and also provide greater filtering granularity if required? ...
    (Firewall-Wizards)
  • Re: Neither, buy a router.
    ... NOT LAN IP filtering - that's a given. ... filtering is a plus, which I think all Pix firewalls offer, but IP ... 506 Pix series but their literature says nothing about IP filtering. ... Problem with toys like Linksys which are the consumer-level ...
    (comp.security.firewalls)
  • Microsoft TechNet Magazine Article about Outbound Filtering
    ... Host-Based Firewalls Must Filter Outbound Traffic to be Safe. ... | The fact is, despite everyone's best efforts, outbound filtering is ... be needed any more for a default Windows installation, ...
    (comp.security.firewalls)
  • Re: Neither, buy a router.
    ... NOT LAN IP filtering - that's a given. ... > filtering is a plus, which I think all Pix firewalls offer, but IP ... > 506 Pix series but their literature says nothing about IP filtering. ... it is the consumer who needs a firewall the most. ...
    (comp.security.firewalls)