RE: Distributed Firewall
From: A Packard (Bugtraq) (bugtraq_posts@firegoblin.com)
Date: 04/24/03
- Previous message: Stephen Entwisle: "SecurityFocus Article Announcement"
- In reply to: David Gillett: "RE: Distributed Firewall"
- Next in thread: Ken Kousky: "RE: Distributed Firewall"
From: "A Packard (Bugtraq)" <bugtraq_posts@firegoblin.com>
To: <security-basics@lists.securityfocus.com>
Date: Thu, 24 Apr 2003 17:07:38 +0100
There are quite a few commercial firewall products that are designed for
installation on a single machine. There's a version of CheckPoint FW-1 that
is for host-based protection rather than network protection, and it
integrates seamlessly into FW-1/Provider-1 management systems.
-----Original Message-----
From: David Gillett [mailto:gillettdavid@fhda.edu]
Sent: 23 April 2003 18:11
To: 'Kendric'; security-basics@lists.securityfocus.com
Subject: RE: Distributed Firewall
> -----Original Message-----
> From: Kendric [mailto:Kendric@hotpop.com]
>
> Hi, just wondering if any of you guys heard of this concept of distributed
> firewall? I have done some research on it and found it to be quite a
> wonderful concept into bringing the firewall platform to each client/server
> end with a central management policy. In other words, it is like having a
> personal firewall on each individual machine, but centrally managed by a
> remote management console. In this way, we will not have to put any trust
> even on the machines on the intranet. Any comments?
I think the idea probably has some merit as part of a "defence
in depth" approach.
But I don't think it's sufficient on its own, because the
resources that need to be protected do not exist just on the
individual machines. The network which connects them -- upon
which this approach DEPENDS rather heavily! -- lies outside
the boundary of what can be protected this way.
A network which includes both gateway firewalls and individual
host security is going to be a harder nut to crack than a network
that relies on only one or the other approach. And centralised
administration of individual-host firewalls is an idea whose time
is surely here.
David Gillett