Re: [fw-wiz] Firewall best practices



$quoted_author = "Marcus J. Ranum" ;

That's why firewalls need to go back to doing what they
originally did, and parsing/analyzying the traffic that
flows through them, rather than "stateful packet
inspection" (which, as far as I can tell, means that
there's a state-table entry saying "I saw SYN!")

Marcus, are you referring to DPI or proxies or both or something else
entirely?


If the firewall doesn't understand the data it's passing,
it's not a firewall, it's a hub.

If an application emulates HTTPS traffic and is proxy aware, how do you tell
the difference?

cheers
Marty
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: [fw-wiz] Application Intelligent vs ALG
    ... > other hybrid firewalls). ... Inspection modules only observe the passing data flow, ... they simply cut the connection. ... the IP header. ...
    (Firewall-Wizards)
  • Re: Firewalls purchase research
    ... I thoroughly disagree with the point that the best firewalls are hardware ... alll major vendors of dual platform devices (appliance, ... I will take my ISA server running layer 7 inspection on a Proliant dual proc ...
    (microsoft.public.security)
  • Re: Something simpler
    ... And both firewalls, as to I know, don't have advanced contents inspection ... > Consider Kerio or Zone Alarm ... >> firewall which includes real stateful packet inspection capabilities. ...
    (comp.security.firewalls)
  • RE: [fw-wiz] Single Exchange/OWA on LAN with Internet Access - a good
    ... >Firewalls are certainly evolving beyond ports and addresses and we see ... >application inspection. ... what interface a packet came in on is very useful). ... largely a result of implementation detail flaws in the first generation Layer 7 ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Firewalls Compared
    ... box that mediates access between networks, ... the original firewalls (application proxy ... They can be "deep inspection firewall" or "layer 8 firewall" ...
    (Firewall-Wizards)