Firewall Wizards mailing list archives

RE: FW appliance comparison - Seeking input for the forum


From: "Paul Melson" <pmelson () gmail com>
Date: Thu, 19 Jan 2006 10:24:31 -0500

-----Original Message-----
Subject: Re: [fw-wiz] FW appliance comparison - Seeking input for the forum

I'm not talking about enforcing HTTP. I'm talking about enforcing
application data. I know of a firewall vendor actively developing an Active
Directory proxy enforcing which side of the proxy is allowed which methods
and objects on the other side of the proxy.

I immediately trained in on 'actively developing.'  Which means that 5 years
after AD became widely used, there's still not a good proxy for it yet.  It
shouldn't be rocket science since it's Kerberos, LDAP, NetBIOS, RPC, and
COM.  It also shouldn't have to come from a third party vendor.  But I
digress.


Mechanism is nothing without policy. And firewalls are mechanism.

Right, but policy is equally useless without mechanisms capable of enforcing
it.  And while there are vendors out there that write security proxies for
specific applications and protocols, the products that are out there still
only support a tiny fraction of the protocols present on the average
corporate network.  

Not to discount the power of application proxies, but they're far from a
single solution.

PaulM



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

