Firewall Wizards mailing list archives
Re: Reactive Firewalls
From: Rick Smith <smith () securecomputing com>
Date: Wed, 11 Feb 1998 10:09:31 -0600
At 9:10 PM -0600 2/9/98, Aleph One wrote:
> Reactive firewalls are one of the worst ideas yet. You are taking automated actions based on non-authenticated, possibly bogus data. That is a formula for disaster. Read the recent (released today) Secure Network paper on IDS's and their flaws for some reasons why this is so.

When we cross this with Bill Stout's followup message, it's clear there are several classes of reactive firewalls, depending on various choices:

1) reacting to internal information versus reacting to external information
2) reactions that change the firewall's operating behavior versus reactions that collect data and send alarms.

Sidewinder is reactive only to the point of trying to collect additional information and send alerts to the site admin. These decisions are based on information collected from processes inside Sidewinder, and try to deduce when an outsider is doing something bad. There could be a false alarm problem with this, but that's true of any security measure.

Personally, I don't think we understand data security architecture well enough to be designing systems that adapt their behavior automatically to detected environmental conditions (i.e. levying additional restrictions on data traffic when an "attack" is detected, or loosening up when it's perceived to be "safe"). We can do parlor tricks with it ("AI demonstrations") but I doubt anyone can build a system that does this with any degree of confidence. But then "confidence" doesn't seem to be a major selling point with buyers of security products anyway.

Rick.
smith () securecomputing com
Secure Computing Corporation
"Internet Cryptography" at http://www.visi.com/crypto/ and bookstores