Firewall Wizards mailing list archives

RE: Firewalls/Internet Security - TNG


From: "Wright, Steven" <SWright () v-one com>
Date: Tue, 9 Dec 1997 14:18:10 -0500

Edward Cracknell writes:
So, firewall development is slowing/stopped. Intrusion detection is
the future.....then where?

      Marcus J. Ranum writes:
        >Where next? I think that for security products to succeed, and
        >for network/system management products to succeed, the two must
        >become one. 

I can do nothing more than ecstatically agree with MJR!!!!!

Network Managers need some way of analyzing the usage of a network
to show where there is need for growth (bandwidth, routers, servers,
etc.);
Network Engineers need some way of analyzing connectivity to
troubleshoot problems in a network (bad router, bad MACs, bad ARPs, etc.);
Network Security needs some way of analyzing the traffic in order to
delegate authorization (VPNs, ACLs, etc.) for "lawful" traffic, or take
action against that traffic which is unlawful and deemed harmful
to the network/system environment (ping flooding, denial of service, and
possibly the detection of intruders, etc.).

It seems only the natural course to merge security and network
technology into one Network Service Solution, where this solution
entails some way of gathering statistics on the network usage for
certain services and bandwidth used, some way of analyzing the
connectivity on a network to help troubleshoot problems, some way of
allowing authorization of the good guys and ensuring they can only go
to designated nodes or subnets, some way of ensuring that the traffic
on your network is not going to cause harm or is not wanted, and being
able to offer this solution in a single server that can be easily
managed from one central point.  I guess while you're at it you might
as well throw in Key Recovery for the encrypted traffic of the VPN, and
a paging system to send alerts to you.

I do believe that the first step in this process is the institution of a
mechanism like the Network Flight Recorder, and the acceptance
of it amongst the Network Community.  I think once the community
sees its value, then a Network Service Solution type mechanism
will begin to fall into place.

Steven R. Wright
Sr. Software Engineer
V-ONE Corporation
swright () v-one com

Favorite Saying:
" All Code can be made smaller,
  and
  All Code is inherently bugged;
  Therefore,
  All code can be reduced to one incorrect line. "

*The opinions expressed in this email are mine and not necessarily those
of V-ONE*


