Firewall Wizards mailing list archives
Re: encapsulated protocols?
From: "Itai Dor-on" <silicom () netvision net il>
Date: Sat, 7 Feb 1998 13:13:20 +0200
In my opinion a "firewall" system is mainly a platform for developing "security components" that handle specific application security issues. Due to the current-near future Internet infrastructure we are limited by the current TCP/IP protocol security limitations, and with that we have to deal. It is not practical, under the current implementation, for any vendor to support all known Internet services that are home made. Thus, security handling should rely on the specific software vendor. Any vendor writing applications that are Internet aware should take security exploits in his product under consideration and support it.

I don't think that the direction of technologies like proxy/stateful inspection should change under the current Internet infrastructure. BUT the software market should reinvent itself by selling or supporting security as an added value/feature to the base product.

Suppose I am a customer that runs firewall-1 as my main security defense and I was doing market research for a new Internet mail server. If I had to make a decision between one product that does all the basic things and whose security is supported by the vendor through a special implementation on the firewall-1 product OR another very sophisticated mail server which is not supported, I would consider the availability time to be the prime factor for the decision, thus selecting the first.

The whole concept must change: firewall vendors should supply a very sophisticated but not application-aware OS (like someone we know - M...). It should provide the tools/programming language for easy development of packet/session content examination built by various vendors.

To think of developing a pro-actively secure solution is not serious in this era of time. Providing a sophisticated platform for quick development of security defense components is the only way to go at the moment.

Bye.
Itai Dor-on

P.S. I apologize in advance for my English grammar.
"Three may keep a secret, if two of them are dead" - Benjamin Franklin, 1735