Security Basics mailing list archives

The VIA Model for Evaluating Security Technologies


From: Daniel Miessler <daniel () dmiessler com>
Date: Wed, 11 Mar 2009 09:17:37 -0500

Here's a short piece I just did on the differences between the various
security technologies, e.g. ACLs, firewalls, IPS, WAFs, etc. The idea
is that there are only three components to a network security
technology:

-- Visibility
-- Identification
-- Action

...and that more advanced technologies are simply better in one or
more of these areas. I'd like to hear if there are thoughts on the model,
i.e. whether it's too simple or where it might break down under
scrutiny.

I also discuss briefly (and in the comments) a possible future where
"security points" are placed at all trust boundaries, e.g. between
networks, between networks and hosts, and even between hosts and
applications. The idea is that these security points will have ALL of
the components of a security system (layers 2-7) in each instance, and
based on where the system resides it will use the various types of
functionality.

Anyway, comments welcome. I think it's an interesting discussion.

http://dmiessler.com/blog/the-via-model-of-security-filtering-technologies

--
Daniel R. Miessler
W: http://dmiessler.com/
E: daniel () dmiessler com
P: 510 400 2685
G: 0xD4A8FFF6

