Firewall Wizards mailing list archives
Re: Firewall Primitives
From: Chris Calabrese <chris_calabrese () yahoo com>
Date: Tue, 5 Nov 2002 12:07:13 -0800 (PST)
Hey Crispin, I know you were at least half kidding from your :-), but I had to rebut anyway... Certainly there are examples of firewalls that are little more than a multi-layer, multi-protocol switch with some basic access control rules. And lots of special purpose firewalls or "lite" firewalls for SOHO use still look like this (my home firewall looks like this, plus some support for NATing IPsec and a bult-in wireless access point, but it does exactly what I needed it to and only cost about $200 - and don't bother flaming about the wireless bit either). On the other hand, trying to market something like that today probably wouldn't fly in the enterprise firewall market. There the definition of "firewall" has already expanded to cover stateful rules for handling tortured protocols like RealAudio, VPN support, rudimentary intrusion alerting, and hooks for web content filters, spam filters, virus filters, etc. I expect that the future of enterprise firewalls holds more advanced intrusion detection/prevention capabilities (Sidewinder, Netscreen, and the CrunchBox are leaders here), more integrated web content filters, spam filters, and malware filters (Symantec comes to mind on this one), and maybe even some basic honeypot capabilities for evidence gathering (something Marcus and I discussed a couple of weeks ago at SANS Network Security). So... Yes, some firewalls are simplistic. And yes, some marketing guys try to cover things up. But no, that doesn't mean that all firewalls are simplistic, that all marketing people try to cover things up, or that people would buy such a thing today. And yes, I'm avoiding the urge to end with a witicism about one or more of these truisms... __________________________________________________ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Firewall Primitives, (continued)
- Re: Firewall Primitives Marcus J. Ranum (Nov 06)
- Re: Firewall Primitives Devdas Bhagat (Nov 07)
- Re: Firewall Primitives Adam Shostack (Nov 09)
- BS claims (was Re: Firewall Primitives) Marcus J. Ranum (Nov 09)
- Re: Firewall Primitives Mikael Olsson (Nov 09)
- Re: Firewall Primitives Marcus J. Ranum (Nov 09)
- Re: Firewall Primitives Christopher Hicks (Nov 10)
- Re: Firewall Primitives Predrag Zivic (Nov 10)
- Re: Firewall Primitives Stephen P. Berry (Nov 11)
- Re: Firewall Primitives Cat Okita (Nov 11)
- Re: Firewall Primitives Paul Robertson (Nov 11)
- Re: Firewall Primitives Stephen P. Berry (Nov 11)