Re: [fw-wiz] Firewall best practices
- From: "Lloyd, Mike" <drmike@xxxxxxxxxxx>
- Date: Wed, 28 Apr 2010 07:55:13 -0700 (PDT)

Carson Gaspar wrote:
> Once upon a time I did some serious thinking about a signature based
> firewall, that cared only a little about port numbers, and a lot about
> packet content. It would necessarily involve an update cycle similar to
> anti-virus signature updates.
>
> I've seen some work on this, mostly from a traffic shaping / IPS / IDS
> slant, but I haven't seen anything serious from the firewall front. But
> then I haven't been doing firewalls for several years, so I may just be
> behind the times.

For a firewall thinking beyond the header, you may want to check out Palo
Alto - http://www.paloaltonetworks.com/

You never know, if you could record your serious thinking and send it back
in time a few years, you might be able to sue them retroactively :-)

For those of us still doing firewalls, it's an interesting evolution.
It's particularly useful to those of us who automate firewall analysis - a
whole new mountain of details to figure out, effectively a form of job
security for firewall wizards everywhere.