Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?)

From: Shaiful (shaifuljahari_at_yahoo.com)
Date: 08/23/04

    Date: Sun, 22 Aug 2004 17:32:43 -0700 (PDT)
    To: "M. Dodge Mumford" <dodge@dmumford.com>
    
    

    Hi,

    I think what you meant is the SOCKS firewall. I've
    never really understood the technology behind it
    except that it's working at the transport layer. Can
    somebody enlighten us with this technology in layman's
    terms?

    Maybe this email should be on the firewall mailing
    list, but I'm just wondering about the technology behind
    it. If you can compare this technology with network
    and application layer firewalls, it is better since I
    understand both of them, more or less.

    I know the FAQ site in case you want to link it:
    http://www.socks.permeo.com/TechnicalResources/SOCKSFAQ/index.asp

    Thanks in advance.

    Regards,
    Shaiful

    --- "M. Dodge Mumford" <dodge@dmumford.com> wrote:

    > Rob Shein said:
    > > At first, there were packet filters, which only cared about what ports were
    > > used and which hosts were talking; they were ignorant with regard to
    > > connection state, fragmentation, or any other aspects of the communication.
    > > And they failed to account for services like FTP, where an outside host
    > > needs to open a second inbound channel on an unpredictable port to the
    > > server. But it definitely cut back on the exposure of a network to outside
    > > attackers.
    >
    > Actually, you missed the first step -- proxy firewalls. They used their
    > host's TCP stack, could readily handle secondary channels for services where
    > proxies had been written. The boxes were expected to be bastions -- to
    > actually block traffic, and to fall over if attacked with sufficient vigor
    > (thus protecting the critical resources). But they were slow compared to
    > the packet filters and stateful inspection firewalls. The vendors failed to
    > demonstrate how they could mitigate attacks that the market failed to
    > appreciate (or decided the cost outweighed the risk). They would have been
    > an ideal place to perform the checks that prevention systems are now moving
    > towards, but are treated as tubercular lepers.
    >
    > As Ron Gula mentions, enterprise firewalls are expected to have a certain
    > (large) feature set. By referring to this new breed of stuff as being "kinda
    > like a firewall", vendors get to create an entire new buzzphrase (rest in
    > peace, lowly buzzword), and not have to directly compete with the big guys
    > who dominate that space. IPS vendors don't have to feel bad about not being
    > a VPN endpoint, proxies, etc. Yet.
    >
    > It seems to me the meaning of "firewall" has long since been extended to
    > mean just about anything that has the ability to block traffic.
    >
    > --
    >
    > Dodge, who works for a vendor in the market. Add salt.
    >
