IDS mailing list archives
Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?)
From: Shaiful <shaifuljahari () yahoo com>
Date: Sun, 22 Aug 2004 17:32:43 -0700 (PDT)
Hi,

I think what you meant is the SOCKS firewall. I've never really understood the technology behind it except that it's working at the transport layer. Can somebody enlighten us with this technology in layman's terms? Maybe this email should be inside the firewall mailing list, but I'm just wondering about the technology behind it.

If you can compare this technology with network and application layer firewalls, it is better since I understand both of them, more or less.

I know the FAQ site in case you want to link it:
http://www.socks.permeo.com/TechnicalResources/SOCKSFAQ/index.asp

Thanks in advance.

Regards,
Shaiful

--- "M. Dodge Mumford" <dodge () dmumford com> wrote:
> Rob Shein said:
> > At first, there were packet filters, which only cared about what ports were
> > used and which hosts were talking; they were ignorant with regard to
> > connection state, fragmentation, or any other aspects of the communication.
> > And they failed to account for services like FTP, where an outside host
> > needs to open a second inbound channel on an unpredictable port to the
> > server. But it definitely cut back on the exposure of a network to outside
> > attackers.
>
> Actually, you missed the first step -- proxy firewalls. They used their host's TCP stack, could readily handle secondary channels for services where proxies had been written. The boxes were expected to be bastions -- to actually block traffic, and to fall over if attacked with sufficient vigor (thus protecting the critical resources).
>
> But they were slow compared to the packet filters and stateful inspection firewalls. The vendors failed to demonstrate how they could mitigate attacks that the market failed to appreciate (or decided the cost outweighed the risk). They would have been an ideal place to perform the checks that prevention systems are now moving towards, but are treated as tubercular lepers.
>
> As Ron Gula mentions, enterprise firewalls are expected to have a certain (large) feature set. By referring to this new breed of stuff as being "kinda like a firewall", vendors get to create an entire new buzzphrase (rest in peace, lowly buzzword), and not have to directly compete with the big guys who dominate that space. IPS vendors don't have to feel bad about not being a VPN endpoint, proxies, etc. Yet.
>
> It seems to me the meaning of "firewall" has long since been extended to mean just about anything that has the ability to block traffic.
>
> --
> Dodge, who works for a vendor in the market. Add salt.
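The FTP secondary-channel problem raised in the quoted discussion, as an added example that is not part of the original thread: a port-only packet filter drops the data connection of an active-mode FTP session, while a filter that reads the control channel (as a proxy or stateful firewall would) opens a one-shot pinhole for it. The addresses, the `10.0.0.` inside network and all function and class names are constructed for illustration.

```python
import re
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."  # constructed internal network (assumption)
PORT_RE = re.compile(r"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*")

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def stateless_filter(pkt):
    """Port/host rule only: inside hosts may reach FTP control (21); all else is dropped."""
    return pkt.src.startswith(INSIDE_PREFIX) and pkt.dport == 21

def parse_port(payload):
    """Return (ip, port) from an FTP PORT command, or None if malformed."""
    m = PORT_RE.fullmatch(payload)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class FtpAwareFilter:
    """Tracks the control channel and allows only the data flow it announced."""
    def __init__(self):
        self.pinholes = set()  # (server_ip, client_ip, client_port)

    def inspect_control(self, pkt, payload):
        target = parse_port(payload)
        if not stateless_filter(pkt) or target is None:
            return
        ip, port = target
        # Open a pinhole only toward the client that sent the command,
        # and never toward a privileged port.
        if ip == pkt.src and port >= 1024:
            self.pinholes.add((pkt.dst, ip, port))

    def allow(self, pkt):
        if stateless_filter(pkt):
            return True
        key = (pkt.src, pkt.dst, pkt.dport)
        if pkt.sport == 20 and key in self.pinholes:
            self.pinholes.discard(key)  # one connection per PORT command
            return True
        return False
```
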