Firewall Wizards mailing list archives

Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name


From: Crispin Cowan <crispin () wirex com>
Date: Mon, 12 Aug 2002 23:54:17 -0700

Marcus J. Ranum wrote:

> Crispin Cowan wrote:
>
>> To me, this [signature firewalls] is a firewall.
>
> Actually:
>        IDS
>        VPN routers
>        honeypots
>        Firewalls
>        URL filters
>        boundary antivirus
>        caching proxies
>
> are all the same thing, from a sufficiently high level.

Sure, they're all things :)

The abstract distinction I make is between sensors (IDS, honeypots) and access control mechanisms (VPN routers (kinda), firewalls, URL filters, boundary antivirus, and caching proxies (any proxies)). The breathtaking innovation :) of inline-IDS/intrusion prevention is to take the good/bad rule engine from IDS and use it for access control. 'cept when you do that, you have to throw out the flakey half of the IDS's rule set, lest you accidentally lock out legitimate traffic.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX                      http://wirex.com/~crispin/
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

