Re: IDS vs Application Proxy Firewal & OT list bouncing

["alfredhuger () winterhope com" <alfredhuger () winterhope com>]

Arian,

On Mon, Oct 27, 2008 at 2:29 PM, Arian J. Evans
<arian.evans () anachronic com> wrote:
> Good points, inline:
>
> On Fri, Oct 24, 2008 at 3:02 PM, alfredhuger () winterhope com
> <alfredhuger () winterhope com> wrote:
> > Arian,
>
> Yes, but I have seen little to no progress in the mainstream
> WAF vendors. And to be fair: they have much more
> immediate problems to solve right now with their
> current approaches.

Agreed and agreed.

> But market viability has already been proven.

Hmm, I think it's clear there is a need for WAF's but I am not sure
the 'market viability' has been proven yet FWIW. The revenues for such
products still pale when compared to traditional firewalls.


> In fact there was one success in the behavioral "WAF/IDS"
> arena few in the security community are aware of. A
> product called "Business Signatures" executed quite
> well in this problem domain -- though ostensibly not
> for the purpose of being a WAF -- and was acquired
> by Entrust a few years ago. They had some large
> and very happy clients I worked with:
>
> http://www.networkworld.com/news/2006/071906-entrust.html

Cool.

>

> <OT>
>
> I would understand if moderation were the problem. My
> messages get rejected by the server configs on less than
> half the SF lists (which the moderators do not control).
> I've had moderators trying to get my posts involved in
> dialogue on those lists and are unable to do so because
> of what appears to be the SF list-server admins.
>
> I have contributed quite productively to the SF list
> community for many years, but at this point I've
> kind of thrown up my hands. After two years you
> probably would too Alfred.

Likely so. I was ignorant of the technical sides of the issue. Mea Culpa.

> nota bene: I only take shots at vendors with vitrol
> if I can support my statements with facts and real-
> world examples, and I have written the vendor off
> in a given problem-domain. In most cases it is
> intended for comic relief (mine) and it is up to the
> reader to chose to appreciate that or not.

Uh, OK. Having been on the ugly end of public posts like that as
someone who ships software the humor is lost on me. For the most part.
One of the things that sucks about this industry is the unchecked
nastiness in public forums. I know some people get a kick out of it. I
guess I am just not one of them.


> I am aware of and certianly respect SF's business
> case for advertising revenue that would lead them
> not to encourage advertiser denigration or emotional
> flame wars devoid of fact. But that's not the issue here.

No, your right, it is not the issue here. SF's business has never been
based off ad revenue and our moderation of posts has never been
subject to rules built off that foundation. I dislike ugly commentary
in public forums. I felt that way when I founded securityfocus and I
feel that way now. It's not to say that I have not engaged in it
myself (because I have) it's just that I hope for more, from all of
us.


> As for my opinions on vendors, well....
>
> I have been wrong before.

Me too.

> By contributing my opinions to the public forum
> I ask that you put them under your protection,
> and allow I may be wrong, YMMV, and I might
> need to change my opinion in the future.
>
> In turn I will both always support the right of
> anyone in this public dialogue to do the same,
> and back up my claims as needed with
> reasonable matters of fact and existence,

Is it too much to ask you to be polite when delivering your message?
The authors of much of the code you disparaged read this forum. Your
posts are dead on so I would be willing to bet you'll have more
influence by modifying your delivery.

My .2

al


> --
> --
> Arian J. Evans.
> Solipsistic Software Security Sophist

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------