Firewall Wizards mailing list archives
Re: Content Switch as security device?
From: Gary Flynn <flynngn () jmu edu>
Date: Thu, 30 Jan 2003 09:29:49 -0500
Dave Mitchell wrote:
> Michel, Depending on the type of switch, you might not even have an ASIC that can perform under a DDOS or other type of attack.

This also may be true of a firewall.

> Content switches only balance traffic based on source and dest IP/port, and use a load balancing algorithm to point it at your particular farm or server. It does not perform any other packet inspection to prevent malicious traffic like a SYN attack, replay, or any other you can think of.

The Cisco boxes also inspect URLs. They also advertise that they protect from denial of service attacks. Of course, they also advertise that they can load balance across firewalls. :)

Functionality is merging in firewalls, IDS, IDP, content switch, etc. to prevent this:

Inet->anti-DDOS->firewall->anti-virus->IDS/IDP->loadbalance->SSL->content->systems

I suspect there may be applications where a "content switch" with security features is a better fit for the organization than certain types of firewalls.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards