Firewall Wizards mailing list archives
RE: Firewalls/Internet Security - TNG
From: "Wright, Steven" <SWright () v-one com>
Date: Tue, 9 Dec 1997 14:18:10 -0500
Edward Cracknell writes:
>So, firewall development is slowing/stopped. Intrusion detection is the future.....then where?

Marcus J. Ranum writes:
>Where next? I think that for security products to succeed, and for
>network/system management products to succeed, the two must
>become one.

I can do nothing more than ecstatically agree with MJR!!!!!

Network Managers need some way of analyzing the usage of a network to show where there is need for growth (bandwidth, routers, server, etc.); Network Engineers need some way of analyzing connectivity to troubleshoot problems in a network (bad router, bad macs, bad arps, etc.); Network Security needs some way of analyzing the traffic in order to delegate authorization (VPNs, ACLs, etc.) for "lawful" traffic, or take action against that traffic which is unlawful and deemed harmful to the network/system environment (Ping flooding, denial of service, and possibly the detection of Intruders, etc.).

It seems only the natural course to merge security and network technology into one Network Service Solution. Where this solution entails some way of gathering statistics on the network usage for certain services and bandwidth used, some way of analyzing the connectivity on a network to help troubleshoot problems, some way of allowing authorization of the good guys and ensuring they can only go to designated nodes or subnet, some way of ensuring that the traffic on your network is not going to cause harm or is not wanted, and be able to offer this solution into a single server that can be easily managed from one central point. I guess while you're at it you might as well throw in Key-Recovery for the encrypted traffic of the VPN, and a paging system to send alerts to you.

I do believe that the first step in this process is the institution of a mechanism like the Network Flight Recorder, and the acceptance of it amongst the Network Community. I think once the community sees its value, then a Network Service Solution type mechanism will begin to fall into place.

Steven R. Wright
Sr. Software Engineer
V-ONE Corporation
swright () v-one com
Favorite Saying:
" All Code can be made smaller,
and All Code is inherently bugged; Therefore, All code can be reduced to one incorrect line. "
*The opinions expressed in this email are mine and not necessarily that of V-ONE's*