Re: Distributed Firewall

["Kendric" <Kendric () hotpop com>]

You are right in some sense. But as this concept allows easy deployment of
the distributed firewall on top of any existing security mechanism (e.g your
gateway firewalls) of the network, I do not think it will be such an
important issue to focus as all network resources on the intranet are still
protected by the traditional gateway firewall. But on the other hand, I
think what is more important is the management of the distributed firewall
clients sitting outside the gateway firewall (e.g remote computers connect
to the intranet by VPN) that may be more of a concern.

kendric

----- Original Message -----
From: "David Gillett" <gillettdavid () fhda edu>
To: "'Kendric'" <Kendric () hotpop com>;
<security-basics () lists securityfocus com>
Sent: Wednesday, April 23, 2003 6:10 PM
Subject: RE: Distributed Firewall


> > -----Original Message-----
> > From: Kendric [mailto:Kendric () hotpop com]
> >
> > Hi, just wondering if any of you guys heard of this concept
> > of distributed
> > firewall? I have done some research on it and found it to be quite a
> > wonderful concept into bringing the firewall platform to each
> > client/server
> > end with a central management policy. In other words, it is
> > like having a
> > personal firewall on each individual machine, but centrally
> > managed by a
> > remote management console. In this way, we will not have to
> > put any trust
> > even on the machines on the intranet. Any comments?
>
>   I think the idea probably has some merit as part of a "defence
> in depth" approach.
>   But I don't think it's sufficient on its own, because the
> resources that need to be protected do not exist just on the
> individual machines.  The network which connects them -- upon
> which this approach DEPENDS rather heavily! -- lies outside
> the boundary of what can be protected this way.
>
>   A network which includes both gateway firewalls and individual
> host security is going to be a harder nut to crack than a network
> that relies on only one or the other approach.  And centralised
> administration of individual-host firewalls is an idea whose time
> is surely here.
>
> David Gillett




---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  http://www.securityfocus.com/BlackHat-security-basics 
----------------------------------------------------------------------------