Re: Firewalls and Cryptography
- From: Volker Birk <bumens@xxxxxxxxxxx>
- Date: 17 Oct 2006 05:06:34 +0200
BobS <noone@xxxxxxxxxxx> wrote:
A Virus Scanner is something, that detects malware in streams or inA Gateway AV solution is an on-the-fly solution so while the packet(s) are
persistent data ("detecting negative things"). I'm not using virus
scanners, which search RAM, because I think they're useless.
being inspected, it's typically at wire speed on the bigger/better
appliances. Whether they're using a high-speed shift register or buffering
it in RAM, I don't know but supposedly, the "time hit" is only slightly
greater than a firewall only device. Manufacturer dependent. So, the AV is
not searching through RAM in this architecture.
I agree. Of course, implementation needs RAM here. But it's not the RAM
of the computers which should be protected.
You can say, that a Virus Scanner can be a special case of firewall onAlmost.....;-)
layer 7 according to RFC 2979, if it filters away data with malware.
You can say, that a Firewall can be a special case of a virus scanner,
according to RFC 2979, if it filters on layer 7 and removes mails and
transmitted files with malware.
I would not prefer to define in such a way, because this mixes terms. I'd
prefer to define, that if a firewall implementation filters that
way, it additionally has a virus scanner component (as I did).
Clear now?
Your reference to RFC2979 made me go looking and digging a bit and I can't
see where this version http://rfc.net/rfc2979.html dated Oct 2000 allows
for those two statements - not even in the broadest sense. RFC's do change
and I may not have found the latest version.
From there (Chapter 1. Introduction, second paragraph):
| A "firewall" is an agent which screens network traffic in some way,
| blocking traffic it believes to be inappropriate, dangerous, or both.
You make a valid point about not wanting to group the two terms together
from a purists viewpoint but the industry has already done so and they call
it, UTM (Unfified Threat Management).
Yes. I just want to differ for better describing the behaviour of some
products.
[Virus Scanners]
Is it good enough for the IBM's, GE's, AMEX type company's - absolutely not
since they are big targets. But for a small business, yes, it's a
reasonable and efficient solution. Not perfect by a long shot but what esle
would you recommend?
Secure configuration, which is called by some people "hardening". And
intelligent use. Maybe usage of not-so-b0rken software.
Yours,
VB.
--
"Ich lache nie."
Besim Karadeniz in d.c.s.m.
.
- Follow-Ups:
- Re: Firewalls and Cryptography
- From: BobS
- Re: Firewalls and Cryptography
- References:
- Firewalls and Cryptography
- From: popboyz69
- Re: Firewalls and Cryptography
- From: Volker Birk
- Re: Firewalls and Cryptography
- From: BobS
- Re: Firewalls and Cryptography
- From: Volker Birk
- Re: Firewalls and Cryptography
- From: BobS
- Re: Firewalls and Cryptography
- From: Volker Birk
- Re: Firewalls and Cryptography
- From: BobS
- Firewalls and Cryptography
- Prev by Date: Re: Firewalls and Cryptography
- Next by Date: Re: Zone Alarm Pro on server denying client access to 'Net from client laptop
- Previous by thread: Re: Firewalls and Cryptography
- Next by thread: Re: Firewalls and Cryptography
- Index(es):
Relevant Pages
|
