Firewall Wizards mailing list archives

Re: PIX sux? (was Re: Start watching your logfiles folks!)


From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Sun, 26 Dec 1999 19:51:02 -0800



All I am trying to say here is that both FW-1 & PIX
will not be able to catch application layer attacks.

And I'm asking why you think that.

I don't question the "firewalling" capabilities of FW-1
& PIX or would like to start a discussion on stateful
vs. proxy.
One would think about application level attacks and
bring a different type of technology to
support/complement firewalls. Firewalls (PIX & FW-1)
will neither help in all situations nor are a total
solution for all Internet based attacks.

While I don't claim they are a "total solution" (and
I've never seen anything that is, even using the most
restrictive definition of "total") there's no reason
they couldn't be in theory.  It's entirely possible to
port NFR to inspect code and run it as part of
your FW-1 setup.  You likely wouldn't want
to or be happy with the performance, but it's
theoretically possible.  That, and MJR would
probably rather go out of business. :)

P.S. One would think about the mail viruses (maybe
even better, trojans) that travel over the Internet,
although we have firewalls...

And both the PIX and FW-1 can catch viruses, with
add-on products.

                    Ryan






