Re: [fw-wiz] Firewall best practices

Marcus J. Ranum wrote:

That's why firewalls need to go back to doing what they
originally did, and parsing/analyzing the traffic that
flows through them, rather than "stateful packet
inspection" (which, as far as I can tell, means that
there's a state-table entry saying "I saw SYN!")

Marcus, are you referring to DPI or proxies or both or something else?

If the firewall doesn't understand the data it's passing,
it's not a firewall, it's a hub.

If an application emulates HTTPS traffic and is proxy aware, how do you tell
the difference?

firewall-wizards mailing list
