Firewall Wizards mailing list archives
RE: Time for a new FWTK?
From: "Stout, William" <StoutW () pios com>
Date: Wed, 26 Nov 1997 13:05:16 -0500
----- Original Message -----
From: Marcus J. Ranum [SMTP:mjr () nfr net]

> chuck yerkes wrote:
> > Hey, Marcus, want to do the FWTK/DEC SEAL stuff AGAIN under GPL or the BSD license? Call it MRTK4FW (you figure it out) and get your net-immortality. I'll buy coffee....
>
> I'm pretty much done with firewalls. :) The problem is that I don't know *HOW* to build the next generation of firewalls, and I don't want to build another of the previous generation. "been there, done that" repeatedly...

Actually you're in a perfect position to do that. The next step up for Wheelgroups' IDS system was to dynamically adjust the filter rules in a firewall (NGC Borderguard/NetSentry). You can control a group of firewalls with an IDS 'non-proprietary standard' and NFR.

Gee, if corporate has an IDS system, and you can figure a way to control firewalls that way, you can then implement corporate dictatorship over departmental firewalls. Maybe even delegate or offload a subset of control to the departmental admins.

Hmm, that would do some fine-detail of control. Protocol and application control on a per departmental basis. Security by compartmentalization, aka 'zoning'. A corporation would have a semi-open DMZ 'backbone'. This would put an IS group into the ISP and 'service provider'-server (SQL, App, etc) business for the corporation. Departments could buy their own firewalls, and corporate can dictate that a firewall must be used for backbone/internet access, and that firewalls meet the NFR standard for centralized control and IDS.

Another thought. AFA 'expert analysis', that can be put in a central box, and the departmental firewalls could in effect, ask the dictator box, "Is this O.K. to pass?". Client/server distributed firewall architecture. NC firewalls. Other proxy people responsible for 'suck brain-damaged protocols'.

Bill Stout