Re: [fw-wiz] Firewall best practices



Carson Gaspar wrote:

Once upon a time I did some serious thinking about a signature-based
firewall that cared only a little about port numbers, and a lot about
packet content. It would necessarily involve an update cycle similar to
anti-virus signature updates.

I've seen some work on this, mostly from a traffic shaping / IPS / IDS
slant, but I haven't seen anything serious from the firewall front. But
then I haven't been doing firewalls for several years, so I may just be
behind the times.

For a firewall thinking beyond the header, you may want to check out Palo
Alto - http://www.paloaltonetworks.com/

You never know, if you could record your serious thinking and send it back
in time a few years, you might be able to sue them retroactively :-)

For those of us still doing firewalls, it's an interesting evolution.
It's particularly useful to those of us who automate firewall analysis - a
whole new mountain of details to figure out, effectively a form of job
security for firewall wizards everywhere.

Mike


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
