Firewall Wizards mailing list archives
RE: Application-level Attacks
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Mon, 14 Feb 2005 13:31:42 -0500
"The current generation of firewalls focuses on the network level, kind of like the walls of a fort stopping direct attack," said Pescatore. "However, close to 75% of today's attacks are tunneling through applications.
This sounds like typical Gartner-spew. There's nothing there to back up the numbers, no methodology, no science. How did Pescatore come up with that figure, is what I want to know? My guess is he found it in the bottom of a box of Cracker Jacks.

The reason I jumped on your post is because I strongly believe that in order for computer security to grow up and stop being an intellectual backwater - we need to apply a little science and attempt to accurately quantify what we are doing. That means no more analysts practicing proctological numerology, no more self-selected samples used in polls, no more proof by vigorous hand-waving.

The article you reference is a thinly-veiled puff piece for "application security gateways" (read: marketing's new word for proxy firewalls)

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards