IDS mailing list archives
Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?)
From: "M. Dodge Mumford" <dodge () dmumford com>
Date: Fri, 20 Aug 2004 08:56:37 -0400
Rob Shein said:
At first, there were packet filters, which only cared about what ports were used and which hosts were talking; they were ignorant with regard to connection state, fragmentation, or any other aspects of the communication. And they failed to account for services like FTP, where an outside host needs to open a second inbound channel on an unpredictable port to the server. But it definitely cut back on the exposure of a network to outside attackers.
Actually, you missed the first step -- proxy firewalls. They used their host's TCP stack, could readily handle secondary channels for services where proxies chad been written. The boxes were expected to be bastions -- to actually block traffic, and to fall over if attacked with sufficient vigor (thus protecting the critical resources). But they were slow compared to the packet filters and stateful inspection firewalls. The vendors failed to demonstrate how they could mitigate attacks that the market failed to appreciate (or decided the cost outweighed the risk). They would have been an ideal place to perform the checks that prevention systems are now moving towards, but are treated as tubercular lepers. As Ron Gula mentions, enterprise firewalls are expected to have a certain (large) feature set. By referring to this new breed of stuff as being "kinda like a firewall", vendors get to create an entire new buzzphrase (rest in peace, lowly buzzword), and not have to directly compete with the big guys who dominate that space. IPS vendors don't have to feel bad about not being a VPN endpoint, proxies, etc. Yet. It seems to me the meaning of "firewall" has long since been extended to mean just about anything that has the ability to block traffic. -- Dodge, who works for a vendor in the market. Add salt.
Attachment:
_bin
Description:
Current thread:
- Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) Jacob Winston (Aug 18)
- Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) Ron Gula (Aug 19)
- RE: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) Gary Halleen (Aug 19)
- RE: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) Rob Shein (Aug 20)
- Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) M. Dodge Mumford (Aug 20)
- Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) Shaiful (Aug 24)
- Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) M. Dodge Mumford (Aug 20)
- Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) Srini (Aug 20)
- Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) Joel Snyder (Aug 20)
- Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) Thomas Ptacek (Aug 25)
- Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) nick black (Aug 29)
- Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) Mike Frantzen (Aug 30)
- Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) nick black (Aug 30)
- Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) Mike Frantzen (Aug 30)
- Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) Thomas Ptacek (Aug 25)
- Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) Ron Gula (Aug 19)
- <Possible follow-ups>
- RE: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?) Fulp, J.D. USA (Aug 18)